‫ Mozilla Firefox Multiple Vulnerabilities

ID: IRCAD2015033847
Release Date: 2015-03-31
Criticality level: Highly critical
Software:
Mozilla Firefox 36.x
Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, conduct clickjacking and cross-site request forgery attacks, bypass certain security restrictions, and compromise a user's system.
1) Some unspecified errors can be exploited to corrupt memory.
2) Some further unspecified errors can be exploited to corrupt memory.
3) A use-after-free error related to MP3 format audio files when using the Fluendo MP3 GStreamer plugin can be exploited to corrupt memory via a specially crafted MP3 file.
Note: This vulnerability affects the Linux platform only.
4) An error when handling the approval messages of the installation of a Firefox lightweight theme can be exploited to bypass the approval message via a MitM (Man-in-the-Middle) attack using a spoofed Mozilla sub-domain.
5) An error when handling resource:// documents can be exploited to load otherwise restricted privileged pages.
6) An error when transforming images with certain parameters within the QCMS color management library can be exploited to cause an out-of-bounds read.
7) An error related to flash content and image of the cursor handling can be exploited to conduct clickjacking attacks.
Note: This vulnerability affects the OS X platform only.
8) An error when following redirections after a CORS (cross-origin resource sharing) preflight related to "sendBeacon()" requests can potentially be exploited to conduct cross-site request forgery attacks.
9) Two errors during 2D graphics rendering within the "AllocateForSurface()" function of the mozilla::layers::BufferTextureClient class can be exploited to corrupt memory.
10) A type confusion error within the "AfterSetAttr()" function of the HTMLSourceElement class can be exploited to cause a use-after-free error and subsequently to corrupt memory.
11) A type confusion error within the "BindToTree()" function of the HTMLSourceElement class can be exploited to cause a use-after-free error and subsequently to corrupt memory.
12) An error when handling anchor navigation of a page can be exploited to bypassing certain same-origin policy protections.
13) An error when navigating from a privileged to an unprivileged window can be exploited to retain otherwise restricted access to privileged content.
The vulnerabilities are reported in versions prior to 37.
Solution
Upgrade to version 37.
References:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 6 اردیبهشت 1394

امتیاز

امتیاز شما
تعداد امتیازها:0