
Mozilla Firefox ESR / Thunderbird Multiple Vulnerabilities

ID: IRCAD2014123652
Release Date: 2014-12-02
Criticality level: Highly critical
Software:
Mozilla Firefox 31.x
Mozilla Thunderbird 31.x
Description:
A security issue and some vulnerabilities have been reported in Mozilla Firefox ESR and Thunderbird, where one has an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system.
1) Some unspecified errors can be exploited to corrupt memory.
2) A use-after-free error when parsing certain HTML within the nsHtml5TreeOperation class (xul.dll) can be exploited to corrupt memory.
3) An error when parsing media content within the "mozilla::FileBlockCache::Read()" function (media/FileBlockCache.cpp) can be exploited to cause a stack-based buffer overflow.
Successful exploitation of vulnerabilities #1 through #3 may allow execution of arbitrary code.
4) A bad cast error from BasicThebesLayer to BasicContainerLayer exists.
5) An error when handling certain custom memory allocators can lead to the keylogging of certain sensitive information.
Note: This security issue affects OS X 10.10 (Yosemite) only.
The security issue and the vulnerabilities are reported in versions prior to 31.3.
Solution:
Update to version 31.3 and remove certain files on OS X 10.10 (Yosemite) within the /tmp folder (please see the vendor's advisory for details).
References:
Secunia:
 

Date created: 17 Azar 1393
