فا

‫ Mozilla Firefox / SeaMonkey Multiple Vulnerabilities

IRCAD2011041173
ID:IRCAD2011041173
Release Date: 2011-04-29
Criticality level: Highly critical
Software:
Mozilla Firefox 3.5.x
Mozilla Firefox 3.6.x
Mozilla SeaMonkey 2.x
Description:
Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose sensitive information and compromise a user's system.
1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.
2) Multiple use-after-free errors within the handling of the "mChannel", "mObserverList", and "nsTreeRange" object attributes can be exploited to execute arbitrary code.
3) An error when handling Java applets can be exploited to steal entries from the form history via the autocomplete controls.
4) An error within the Java Embedding Plugin (JEP) can be exploited to gain escalated privileges.

This vulnerability only affects the Mac OS X versions.
5) An error in the implementation of the "resource:" protocol can be exploited to perform directory traversal attacks and disclose sensitive information.
6) This vulnerability only affects the Windows versions.
NOTE: A weakness in libxslt, which could lead to disclosure of heap addresses has also been reported.
Solution:
Update to Mozilla Firefox version 3.5.19 or 3.6.17 and Mozilla SeaMonkey version 2.0.14.
References:
Secunia:
http://secunia.com/advisories/44357/

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 16 خرداد 1388

امتیاز

امتیاز شما
تعداد امتیازها: 0