[PCWorks] Mozilla Firefox Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Wed, 28 Oct 2009 22:03:45 -0500

TITLE:
Mozilla Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA36711

VERIFY ADVISORY:
http://secunia.com/advisories/36711/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, 
which can
be exploited by malicious people to disclose sensitive 
information,
bypass certain security restrictions, manipulate certain data, 
or
compromise a user's system.

1) An array indexing error exists when allocating space for 
floating
point numbers. This can be exploited to trigger a memory 
corruption
when a specially crafted floating point number is processed.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.0.14 and 3.5.3. 
Prior
versions may also be affected.

2) An error in the form history functionality can be exploited 
to
disclose history entries via a specially crafted web page that
triggers the automatic filling of form fields.

3) An error when creating JavaScript web-workers recursively 
can be
exploited to trigger the use of freed memory and cause a crash 
or
potentially execute arbitrary code.

4) An error exists when parsing regular expressions used in 
Proxy
Auto-configuration (PAC). This can be exploited to cause a 
crash or
potentially execute arbitrary code via specially crafted 
configured
PAC files.

5) An error when processing GIF color maps can be exploited to 
cause
a heap-based buffer overflow and potentially execute arbitrary 
code
via a specially crafted GIF file.

6) An error in the "XPCVariant::VariantDataToJS()" XPCOM 
utility can
be exploited to execute arbitrary JavaScript code with chrome
privileges.

7) An error in the implementation of the JavaScript
"document.getSelection()" function can be exploited to read 
text
selected on a web page in a different domain.

8) An error when downloading files can be exploited to display
different file names in the download dialog title bar and 
download
dialog body. This can be exploited to obfuscate file names via 
a
right-to-left override character and potentially trick a user 
into
running an executable file.

9) An error in the embedded liboggz library can be exploited to 
cause
a crash or potentially execute arbitrary code.

10) Multiple errors in the embedded libvorbis library can be
exploited to cause crashes or potentially execute arbitrary 
code.

11) An error in the embedded liboggplay library can be 
exploited to
cause a crash or potentially execute arbitrary code.

12) Multiple errors in the Firefox 3 and Firefox 3.5 browser 
engines
can be exploited to cause crashes or potentially execute 
arbitrary
code.

13) Multiple errors in the Firefox 3.5 browser engine can be
exploited to cause crashes or potentially execute arbitrary 
code.

14) An error in the Firefox 3 browser engine can be exploited 
to
cause a crash or potentially execute arbitrary code.

15) Multiple errors in the Firefox 3.5 JavaScript engine can be
exploited to cause crashes or potentially execute arbitrary 
code.

SOLUTION:
Update to version 3.0.15 or 3.5.4.

ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-52.html
http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
http://www.mozilla.org/security/announce/2009/mfsa2009-64.html

Secunia Research:
http://secunia.com/secunia_research/2009-35/

=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Mozilla Firefox Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 10-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---