[PCWorks] Mozilla Firefox Multiple Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin-OrpheusComputing.com & ComputersCustomBuilt.com" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Tue, 27 Nov 2007 22:30:16 -0600
TITLE:
Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27725
VERIFY ADVISORY:
http://secunia.com/advisories/27725/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox,
which can
be exploited by malicious people to conduct cross-site request
forgery
attacks and potentially to compromise a user's system.
1) A race condition when setting the "window.location" property
can
be exploited to generate a fake HTTP Referer header, which can
be
used to conduct cross-site request forgery attacks.
2) Some unspecified errors can be exploited to cause memory
corruption and potentially allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.0.0.10.
SOLUTION:
Update to version 2.0.0.10.
http://www.mozilla.com/firefox/
ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2007/mfsa2007-38.html
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
Other related posts:
