‫ Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

IRCAD2013123040
ID: IRCAD2013123040
Release Date: 2013-12-10
Criticality level: Highly critical
 
Software:
Mozilla Firefox 24.x
Mozilla SeaMonkey 2.x
Mozilla Thunderbird 24.x
 
Description:
A security issue and some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, where one has an unknown impact and others can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
1) Some unspecified errors exist, which can be exploited to cause memory corruption.
2) Some other unspecified errors exist, which can be exploited to cause memory corruption.
3) An error exists related to inherited character set encoding information, which can be exploited to bypass the cross-site scripting filtering.
4) An error exists when handling an <object> element contained within a sandboxed iframe, which can be exploited to bypass sandbox restrictions.
The vulnerabilities #2 through #4 affect SeaMonkey only.
5) A use-after-free error exists in the "nsEventListenerManager::HandleEventSubType()" function (nsEventListenerManager.cpp).
6) A use-after-free error exists in the "nsNodeUtils::LastRelease()" method (nsNodeUtils.cpp).
7) An error exists when inserting an ordered list into a document through script within the "nsGfxScrollFrameInner::IsLTR()" function.
8) An error exists when validating extended validation (EV) certificates, which can lead to the validation of an EV capable root certificate.
9) A use-after-free error exists related to synthetic mouse movement in the "DispatchSynthMouseMove()" virtual method, which can be exploited to corrupt heap-based memory.
10) A use-after-free error exists related to synthetic mouse movement in the "GetHoverGeneration()" function (RestyleManager.h), which can be exploited to corrupt heap-based memory.
Successful exploitation of vulnerabilities #1, #2, #5 through #7, #9, and #‫10 may allow execution of arbitrary code.
11) Two error exist within a bundled vulnerable version of libjpeg.
The security issue and the vulnerabilities are reported in Firefox ESR versions prior to 24.2, Thunderbird versions prior to 24.2, and SeaMonkey versions prior to 2.23.
 
Solution
Update to a fixed version.
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 24 آذر 1392

امتیاز

امتیاز شما
تعداد امتیازها:0