TITLE: Mozilla Firefox 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32713 VERIFY ADVISORY: http://secunia.com/advisories/32713/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Mozilla Firefox 3.x http://secunia.com/advisories/product/19089/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. 1) An error when processing "file:" URIs can be exploited to execute arbitrary JavaScript code with chrome privileges by tricking a user into opening a malicious local file in a tab previously opened for a "chrome:" document or a privileged "about:" URI. 2) Various errors in the layout engine can be exploited to cause memory corruptions and potentially execute arbitrary code. 3) An error in the browser engine can be exploited to cause a crash. For more information see vulnerability #5 in: SA32693 4) An error in the JavaScript engine can be exploited to cause a memory corruption and potentially execute arbitrary code. 5) An error in the browser's restore feature can be exploited to violate the same-origin policy. For more information see vulnerability #7 in: SA32693 6) An error in the processing of the "http-index-format" MIME type can be exploited to execute arbitrary code. For more information see vulnerability #8 in: SA32693 7) An error in the DOM constructing code can be exploited to dereference uninitialized memory and potentially execute arbitrary code: For more information see vulnerability #9 in: SA32693 8) An error in "nsXMLHttpRequest::NotifyEventListeners()" can be exploited to bypass certain security restrictions. For more information see vulnerability #10 in: SA32693 9) An error can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site. For more information see vulnerability #11 in: SA32693 10) An error exists when parsing E4X documents can be exploited to inject arbitrary XML code. For more information see vulnerability #12 in: SA32693 The vulnerabilities are reported in versions prior to 3.0.4. SOLUTION: Update to version 3.0.4. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2008/mfsa2008-51.html http://www.mozilla.org/security/announce/2008/mfsa2008-52.html http://www.mozilla.org/security/announce/2008/mfsa2008-53.html http://www.mozilla.org/security/announce/2008/mfsa2008-54.html http://www.mozilla.org/security/announce/2008/mfsa2008-55.html http://www.mozilla.org/security/announce/2008/mfsa2008-56.html http://www.mozilla.org/security/announce/2008/mfsa2008-57.html http://www.mozilla.org/security/announce/2008/mfsa2008-58.html OTHER REFERENCES: SA32693: http://secunia.com/advisories/32693/ ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-