[PCWorks] Mozilla Firefox Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Sat, 11 Dec 2010 20:32:24 -0600

TITLE:
Mozilla Firefox Multiple Vulnerabilities

Criticality level: Highly critical
Impact:  Security Bypass, Cross Site Scripting, Spoofing, 
System access
Where:  From remote

SECUNIA ADVISORY ID:
http://secunia.com/advisories/42517/

DESCRIPTION:
A weakness and some vulnerabilities have been reported in 
Mozilla
Firefox, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain 
security
restrictions, and compromise a user's system.

1) Multiple errors in the browser engine can be exploited to 
corrupt
memory and potentially execute arbitrary code.

2) An error when handling line breaks in overly long strings 
passed
to "document.write()" can be exploited to read data from
out-of-bounds memory location and potentially execute arbitrary
code.

3) An error when opening a new window using "window.open()" can 
be
exploited to execute arbitrary JavaScript code with chrome 
privileges
via the "<isindex>" element.

4) An error in the handling of "<div>" elements nested within
"<treechildren>" elements in a XUL tree element can be 
exploited to
corrupt memory and potentially execute arbitrary code.

5) An error in the Java LiveConnect script when loaded via a 
"data:"
URL can be exploited to e.g. read arbitrary files, launch 
arbitrary
processes, and establish arbitrary network connections.

6) A use-after-free error in the "NodeIterator API" when 
handling a
"nsDOMAttribute" node can be exploited to corrupt memory and 
execute
arbitrary code.

7) An integer overflow when creating arrays can be exploited to
corrupt memory and potentially execute arbitrary code.

8) An error related to the XMLHttpRequestSpy object can be 
exploited
to execute arbitrary JavaScript code.

This is due to an incomplete fix for vulnerability #9 in:
http://secunia.com/SA37242/

9) An error exists in the handling of documents with no 
inherent
origin associated. This can be exploited to bypass the 
same-origin
policy and spoof the URL of a trusted site by tricking users 
into
opening site which result in e.g. about:config or 
about:neterror
pages.

10) An error exists in the rendering engine when handling 
certain Mac
charset encodings. This can be exploited to potentially execute
arbitrary JavaScript code in the context of the destination 
website.

The weakness and the vulnerabilities are reported in versions 
prior
to 3.6.13 and 3.5.16.

SOLUTION:
Update to version  3.6.13 or 3.5.16.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
http://www.mozilla.org/security/announce/2010/mfsa2010-76.html
http://www.mozilla.org/security/announce/2010/mfsa2010-77.html
http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
http://www.mozilla.org/security/announce/2010/mfsa2010-79.html
http://www.mozilla.org/security/announce/2010/mfsa2010-80.html
http://www.mozilla.org/security/announce/2010/mfsa2010-81.html
http://www.mozilla.org/security/announce/2010/mfsa2010-82.html
http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
http://www.mozilla.org/security/announce/2010/mfsa2010-84.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-264/
http://www.zerodayinitiative.com/advisories/ZDI-10-265/

Michal Zalewski:
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0144.html


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
http://www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
http://www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at http://www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription