[PCWorks] Mozilla Firefox 4 Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Sat, 30 Apr 2011 00:45:38 -0500

TITLE:
Mozilla Firefox Multiple Vulnerabilities

Criticality level:  Highly critical
Impact: System access
Where:  From remote

Software:  Mozilla Firefox 4.0.x

SECUNIA ADVISORY ID:
http://secunia.com/advisories/44406/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Firefox,
which
can be exploited by malicious people to compromise a user's
system.

1) Multiple errors in the browser engine can be exploited to
corrupt
memory and potentially execute arbitrary code.

2) An error in the WebGLES library when loading a shader can be
exploited to cause a buffer overflow and execute arbitrary
code.

3) An off-by-three error in libGLESv2 can be exploited to
corrupt
memory and execute arbitrary code.

NOTE: Additionally, a weakness exists within the
"generate-id()"
XPath function (libxslt), which can be exploited to disclose
certain
addresses from the heap.

The vulnerabilities are reported in versions prior to 4.0.1.

SOLUTION:
Update to version 4.0.1.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Mozilla Firefox 4 Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 04-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---