TITLE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities Criticality level: Highly critical Impact: Security Bypass, Exposure of sensitive information, System access Where: From remote Software: Mozilla Firefox 9.x Mozilla Thunderbird 9.x SECUNIA ADVISORY ID: http://secunia.com/advisories/47816/ DESCRIPTION: A security issue and multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to disclose certain sensitive information and by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further information is currently available. 2) An error when handling a sub-frame can be exploited to bypass the frame navigation policy and e.g. expose an "<iframe>" element via the name attribute. 3) A use-after-free error within the "AttributeChildRemoved()" method when removing child nodes from the "nsDOMAttribute" node can be exploited to execute arbitrary code. 4) An error within the implementation of XPConnect security checks when calling untrusted objects can be exploited to e.g. conduct cross-site scripting attacks. 5) An error within the "mImageBufferSize()" method when encoding images as "image/vnd.microsoft.icon" can be exploited to disclose certain sensitive data within the resulting image. 6) An unspecified error when decoding Ogg Vorbis files can be exploited to corrupt memory and execute arbitrary code. 7) An error within the handling of embedded XSLT stylesheets can be exploited to corrupt memory and execute arbitrary code. 8) The security issue is caused due to the "Firefox Recovery Key.html" file being saved with insecure file permissions when exporting the Firefox Sync key and can be exploited to read the contents of the file. This security issue only affects Firefox on Linux and OS X systems. SOLUTION: Upgrade to Firefox version 10.0 or Thunderbird version 10.0. ORIGINAL ADVISORY: Mozilla: http://www.mozilla.org/security/announce/2012/mfsa2012-01.html http://www.mozilla.org/security/announce/2012/mfsa2012-03.html http://www.mozilla.org/security/announce/2012/mfsa2012-04.html http://www.mozilla.org/security/announce/2012/mfsa2012-05.html http://www.mozilla.org/security/announce/2012/mfsa2012-06.html http://www.mozilla.org/security/announce/2012/mfsa2012-07.html http://www.mozilla.org/security/announce/2012/mfsa2012-08.html http://www.mozilla.org/security/announce/2012/mfsa2012-09.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-