Mozilla Firefox Multiple Vulnerabilities

ID: IRCAD2015023777
Release Date: 2015-02-25
Criticality level: Highly critical
Software:
Mozilla Firefox 35.x
Description:
A security issue and some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
1) Some unspecified errors can be exploited to corrupt memory.
2) Some further unspecified errors can be exploited to corrupt memory.
3) An error related to certificate pinning can be exploited to bypass HTTP Public Key Pinning (HPKP) and HTTP Strict Transport Security (HSTS) and subsequently conduct e.g. a Man-in-the-middle (MITM) attack.
4) An error related to handling WebRTC "turns:" and "stuns:" URIs can be exploited to disclose potentially sensitive information via a Man-in-the-middle (MITM) attack.
5) A use-after-free error within the "mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex()" method can be exploited to cause memory corruption.
6) An error within the "libstagefright" library when handling MP4 video playback can be exploited to cause a buffer overflow via a specially crafted MP4 video file.
7) An error when handling SVG graphics can be exploited to disclose contents of uninitialized memory.
8) An error within the "nsTransformedTextRun::SetCapitalization()" method can be exploited to cause a heap-based buffer overflow.
Successful exploitation of the vulnerabilities #1-2, #5-6, and #8 may allow execution of arbitrary code.
9) An error within the "mozilla::MP3FrameParser::ParseBuffer()" method can be exploited to cause a stack-based buffer underflow and disclose potentially sensitive information.
10) An error related to the form autocomplete feature can be exploited to disclose the contents of arbitrary user files within the Document Object Model (DOM).
11) An error within the Caja Compiler when handling certain JavaScript objects can be exploited to bypass the Caja sandbox.
Successful exploitation of this vulnerability requires loading web content using the Caja sandbox.
Note: Additionally, a weakness related to handling UITour onPageEvents of whitelisted Mozilla domains in background tabs exists.
The security issue and vulnerabilities are reported in versions prior to 36.
Solution:
Upgrade to version 36.
References:
Secunia:

Date created: 10 Esfand 1393
