TITLE:
Mozilla Firefox Multiple Vulnerabilities

Criticality level: Highly critical
Impact: System access
Where: From remote

Software: Mozilla Firefox 4.0.x

SECUNIA ADVISORY ID:
http://secunia.com/advisories/44406/

DESCRIPTION:
Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.

2) An error in the WebGLES library when loading a shader can be exploited to cause a buffer overflow and execute arbitrary code.

3) An off-by-three error in libGLESv2 can be exploited to corrupt memory and execute arbitrary code.

NOTE: Additionally, a weakness exists within the "generate-id()" XPath function (libxslt), which can be exploited to disclose certain addresses from the heap.

The vulnerabilities are reported in versions prior to 4.0.1.

SOLUTION:
Update to version 4.0.1.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html