Mozilla Firefox / Thunderbird Multiple Vulnerabilities

ID: IRCAD2013092895
Release Date: 2013-09-18
Criticality level: Highly critical
Software:
Mozilla Firefox 23.x
Mozilla Thunderbird 17.x
Description:
Some vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An error within the "nsHtml5TreeBuilder::resetTheInsertionMode()" function when interacting with template elements can be exploited to cause a heap-based buffer overflow.
2) An integer overflow error within the ANGLE (Almost Native Graphics Layer Engine) library can be exploited to corrupt memory.
Note: This vulnerability affects Firefox only.
3) A use-after-free error within the Animation Manager when cloning stylesheets can be exploited to dereference already freed memory.
4) A use-after-free error within the "mozilla::dom::HTMLFormElement::IsDefaultSubmitElement()" function can be exploited to dereference already freed memory.
5) An error when calling scope for new JavaScript objects can be exploited to corrupt memory.
6) The Mozilla Updater application does not properly restrict access to the MAR update file, which can be exploited to gain escalated privileges by replacing the MAR update file after the signature check.
Note: This vulnerability affects Windows platforms only.
7) An error within the NVIDIA OS X graphics driver can be exploited to gain knowledge of potentially sensitive information.
Note: This vulnerability affects Firefox on Mac platforms only.
8) An error within the "nsXBLBinding::DoInitJSClass()" function when moving XBL-backed nodes can be exploited to cause a compartment mismatch and subsequently to potentially execute arbitrary code.
Note: This vulnerability affects Thunderbird only.
9) An error within the "nsFloatManager::GetFlowArea()" function when combining lists, floats, and multiple columns can be exploited to cause a buffer overflow.
10) A use-after-free error within the "mozilla::layout::ScrollbarActivity()" function when scrolling an image document can be exploited to dereference already freed memory.
11) An error within the "nsGfxScrollFrameInner::IsLTR()" function can be exploited to corrupt memory.
12) An unspecified error related to DOM proxies can be exploited to bypass certain security restrictions.
13) An error exists within default compartments and frame chain restoration.
Successful exploitation of vulnerabilities #1 through #5 and #8 through #13 may allow execution of arbitrary code.
14) Some errors can be exploited to cause memory corruption.
15) Some other errors can be exploited to cause memory corruption.
The vulnerabilities are reported in versions prior to 24.0.
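Item 6 describes a check-then-use gap: the update file is verified, then used again while still replaceable. The following is an added illustration of that pattern next to a hardened form; it is not Mozilla's updater code, a SHA-256 comparison stands in for the signature check, and the file name and function names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile


def _verify(data: bytes, expected_sha256: str) -> bool:
    # Stand-in for the signature check: a SHA-256 comparison (assumption).
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_sha256)


def apply_racy(path, expected_sha256, window=lambda: None):
    """Check the file, then reopen it by name to use it (the flawed pattern)."""
    with open(path, "rb") as f:
        if not _verify(f.read(), expected_sha256):
            raise ValueError("verification failed")
    window()  # time between check and use; the file is still writable
    with open(path, "rb") as f:  # second open: content may differ now
        return f.read()


def apply_pinned(path, expected_sha256, window=lambda: None):
    """Read once, verify those bytes, and use only those bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if not _verify(data, expected_sha256):
        raise ValueError("verification failed")
    window()  # later changes to the file cannot affect `data`
    return data


def demo():
    """Return (racy_result, pinned_result) for a constructed update file."""
    good, other = b"constructed update v24", b"constructed replacement"
    digest = hashlib.sha256(good).hexdigest()
    results = []
    for apply in (apply_racy, apply_pinned):
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "update.bin")  # hypothetical file name
            with open(path, "wb") as f:
                f.write(good)

            def swap():  # simulates a local user with write access to the file
                with open(path, "wb") as f:
                    f.write(other)

            results.append(apply(path, digest, swap))
    return tuple(results)
```

Pinning the verified bytes complements, and does not replace, restricting write access to the update file, which is the gap item 6 names.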
Solution:
Upgrade to version 24.0.
References:
Secunia
 

Created: 30 Shahrivar 1392
