‫ Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

IRCAD2013102958
ID: IRCAD2013102958
Release Date: 2013-10-30
Criticality level: Highly critical
 
Software:
Mozilla Firefox 17.x
Mozilla SeaMonkey 2.x
Mozilla Thunderbird 17.x
Mozilla Thunderbird 24.x
 
Description:
Some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.
1) Some unspecified errors can be exploited to cause memory corruption.
2) Some further unspecified errors can be exploited to cause memory corruption.
3) An unspecified error can be exploited to spoof the address bar by placing arbitrary HTML content within <select> elements in arbitrary locations.
4) An error when handling uninitialised data during Extensible Stylesheet Language Transformation (XSLT) processing can be exploited to cause an access violation.
5) Some errors when handling memory allocations in the JavaScript engine can be exploited to cause buffer overflows.
6) A race condition error when handling cycle collected image objects can be exploited to cause a release of a cycle collected image object within a wrong thread via a specially crafted large page.
7) A use-after-free error exists when handling state change events during update of the offline cache.
8) Multiple use-after-free errors exist related to missing strong references in the browsing engine.
9) An error when handling workers with direct proxies within the JavaScript engine can be exploited to cause memory corruption.
10) A use-after free error exists when interacting with HTML document templates.
Successful exploitation of the vulnerabilities #1, #2, and #4 through #‫10 may allow execution of arbitrary code.
Please see the vendor's advisories for a list of affected products and versions.
 
Solution
Update to a fixed version.
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 8 آبان 1392

امتیاز

امتیاز شما
تعداد امتیازها:0