[PCWorks] Mozilla Firefox Multiple Vulnerabilities

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Tue, 29 Jun 2010 08:01:02 -0500

(Apparently Secunia saw their mistake confusing FF with Tbird and sent this one for FF....)

TITLE:
Mozilla Firefox Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  Security Bypass, Exposure of sensitive information, System access
Where:  From remote

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40309/

RELEASE DATE:
2010-06-29

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a user's system.

1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.

2) An error in the handling of multipart/x-mixed-replace resources can be exploited to corrupt memory and potentially execute arbitrary code.

This vulnerability only affects version 3.5.x.

3) Multiple errors in the Javascript engine can be exploited to corrupt memory and potentially execute arbitrary code.

4) Multiple errors in the Javascript engine can be exploited to corrupt memory and potentially execute arbitrary code.

These errors only affect version 3.6.x.

5) A use-after-free error exists in "nsCycleCollector::MarkRoots()", which can result in the use of an invalid pointer and allows execution of arbitrary code.

6) A use-after-free error in the handling of object references among multiple plugin instances can be exploited to trigger the use of an invalid pointer and execute arbitrary code.

7) An integer overflow error exists in "nsGenericDOMDataNode::SetTextInternal" within the handling of text values for certain types of DOM nodes. This can be exploited to cause a heap-based buffer overflow via overly large strings.

8) An integer overflow error in an XSLT node sorting routine can be exploited to cause a buffer overflow and potentially execute arbitrary code via a node containing an overly large text value.

9) A weakness is caused due to "focus()" allowing to direct user input to unintended locations, e.g. an embedded iframe from another domain.

10) The HTTP "Content-Disposition: attachment" header is ignored when "Content-Type: multipart" is also present. This can result in security features being bypassed in sites that allow users to upload arbitrary files and specify a "Content-Type" but rely on "Content-Disposition: attachment" to prevent the content from being displayed inline.

11) A weakness exists due to the pseudo-random number generator being seeded only once per browsing session, which can be exploited to disclose the value used to seed "Math.random()" and potentially identify and track users across different web sites.

SOLUTION:
Update to version 3.5.10 or 3.6.4.

ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
http://www.mozilla.org/security/announce/2010/mfsa2010-28.html
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
http://www.mozilla.org/security/announce/2010/mfsa2010-31.html
http://www.mozilla.org/security/announce/2010/mfsa2010-32.html
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html


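Items 7 and 8 above both describe an integer overflow in a length calculation that ends in a buffer overflow. The following C sketch is an added illustration of that bug class and its fix; it is not Mozilla's code and not part of the Secunia advisory, and text_node, unchecked_new_len, checked_new_len and text_replace are hypothetical names.

```c
/* Added illustration, not Mozilla code: all names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint16_t *chars; uint32_t len; } text_node; /* UTF-16 text */

/* "Before": the new length is computed in 32 bits and silently wraps. */
uint32_t unchecked_new_len(uint32_t old_len, uint32_t cut, uint32_t add) {
    return old_len - cut + add;
}

/* "After": every step is validated; failure is reported, never wrapped. */
bool checked_new_len(uint32_t old_len, uint32_t cut, uint32_t add, uint32_t *out) {
    if (cut > old_len) return false;                 /* cut runs past the end */
    if (add > UINT32_MAX - (old_len - cut)) return false;  /* sum would wrap */
    uint32_t total = old_len - cut + add;
    if ((size_t)total > SIZE_MAX / sizeof(uint16_t)) return false; /* bytes wrap */
    *out = total;
    return true;
}

/* Replace `cut` units at `off` with `add` units from `src`; 0 on success. */
int text_replace(text_node *n, uint32_t off, uint32_t cut,
                 const uint16_t *src, uint32_t add) {
    uint32_t total;
    if (off > n->len || cut > n->len - off) return -1;
    if (!checked_new_len(n->len, cut, add, &total)) return -1;
    uint16_t *buf = malloc(total ? (size_t)total * sizeof *buf : 1);
    if (!buf) return -1;
    memcpy(buf, n->chars, (size_t)off * sizeof *buf);
    memcpy(buf + off, src, (size_t)add * sizeof *buf);
    memcpy(buf + off + add, n->chars + off + cut,
           (size_t)(n->len - off - cut) * sizeof *buf);
    free(n->chars);
    n->chars = buf;
    n->len = total;
    return 0;
}

int main(void) {
    uint32_t huge = UINT32_MAX - 4, out = 0;   /* constructed oversize length */
    printf("unchecked: %u\n", (unsigned)unchecked_new_len(10, 0, huge));
    printf("checked ok: %d\n", checked_new_len(10, 0, huge, &out));
    return 0;
}
```

With the unchecked calculation the allocation would be sized for the small wrapped length while the copy still uses the caller's large one; the checked version rejects the request before anything is allocated or copied.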