Mozilla Firefox / Thunderbird / SeaMonkey HTML Editor Use-After-Free Vulnerability

ID: IRCAD2013032554
Release Date: 2013-03-08
Criticality level: Highly critical
Software:
Mozilla Firefox 17.x
Mozilla Firefox 19.x
Mozilla SeaMonkey 2.x
Mozilla Thunderbird 17.x
Description:
A vulnerability has been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a use-after-free error within the HTML editor when content script is run by the "document.execCommand()" function while certain internal editing operations are being performed. This can be exploited to reference data from already freed memory.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following products:
 * Mozilla Firefox versions prior to 19.0.2
 * Mozilla Firefox ESR, Thunderbird, and Thunderbird ESR versions prior to 17.0.4
 * Mozilla SeaMonkey versions prior to 2.16.1
Solution:
Update to a fixed version.
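A version check built from the fixed versions listed above, as an added example that is not part of the original advisory. It assumes the inventory reports ESR builds with an "esr" suffix (for example 17.0.4esr); the channel labels, host names and inventory rows are constructed for illustration.

```python
import re

# Fixed versions taken from the advisory's affected-product list.
# Keys are (product, channel); the channel names are this example's own labels.
FIXED = {
    ("firefox", "release"): (19, 0, 2),
    ("firefox", "esr"): (17, 0, 4),
    ("thunderbird", "release"): (17, 0, 4),
    ("thunderbird", "esr"): (17, 0, 4),
    ("seamonkey", "release"): (2, 16, 1),
}

def parse_version(text):
    """Split '17.0.3esr' into ((17, 0, 3), 'esr'); pad to three components."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (3 - len(parts))
    return parts, ("esr" if m.group(2) else "release")

def is_affected(product, version):
    """True if the install predates the fixed version for its channel."""
    parts, channel = parse_version(version)
    fixed = FIXED.get((product.lower(), channel))
    if fixed is None:
        raise KeyError(f"{product} ({channel}) is not covered by this advisory")
    return parts < fixed

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("ws-01", "Firefox", "19.0"),
    ("ws-02", "Firefox", "19.0.2"),
    ("ws-03", "Firefox", "17.0.4esr"),
    ("ws-04", "Firefox", "17.0.3esr"),
    ("ws-05", "Thunderbird", "17.0.2"),
    ("ws-06", "SeaMonkey", "2.16.1"),
]

def affected_hosts(inventory):
    """Return the hosts whose install is older than the fixed version."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]

if __name__ == "__main__":
    print(affected_hosts(INVENTORY))
```

The channel matters: a plain numeric comparison against 19.0.2 would flag a patched 17.0.4 ESR install as vulnerable, which is why the ESR suffix is parsed separately.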
References:
MFSA 2013-29:
Secunia
http://secunia.com/advisories/52538/

Creation date: 18 Esfand 1391
