TITLE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities Criticality level: Highly critical Impact: Security Bypass, Exposure of sensitive information, System access Where: From remote Software: Mozilla Firefox 5.x Mozilla Thunderbird 5.x SECUNIA ADVISORY ID: http://secunia.com/advisories/45581/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system. 1) Some unspecified errors can be exploited to corrupt memory. No further information is currently available. 2) An error in the handling of JAR file permissions can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site. NOTE: This vulnerability does not affect Mozilla Thunderbird. 3) An error within WebGL can be exploited to cause a heap-based buffer overflow by passing an overly string to the ShaderSource method. 4) An error within the shader pre-processor of WebGL's ANGLE library can be exploited to cause a heap-based buffer overflow via programs with a large amount of pre-processing elements. 5) A use-after-free error exists within the "SVGTextElement.getCharNumAtPosition()" function when traversing the SVG container hierarchy. 6) An error within Content Security Policy can lead to proxy authorization credentials being leaked or hosts being resolved incorrectly. NOTE: This vulnerability does not affect Mozilla Thunderbird. 7) An error within Windows D2D hardware acceleration can be exploited to bypass the same-origin policy and read data from a different domain. SOLUTION: Upgrade to version 6. ORIGINAL ADVISORY: Mozilla (MFSA 2011-29, MFSA 2011-31): http://www.mozilla.org/security/announce/2011/mfsa2011-29.html http://www.mozilla.org/security/announce/2011/mfsa2011-31.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-270/ Context Information Security Ltd: http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0200.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-