فا

‫ Mozilla Firefox Multiple Vulnerabilities

IRCAD2014093494

ID: IRCAD2014093494

Release Date: 2014-09-03

Criticality level: Highly critical

Software:
Mozilla Firefox 31.x
Description:

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

1) An unspecified error can be exploited to cause memory corruption.

2) Some other unspecified errors can be exploited to cause memory corruption.

3) Some other unspecified errors can be exploited to cause memory corruption.

4) A use-after-free error during cycle collection when animating SVG content can be exploited to cause memory corruption.

5) An error when decoding GIF images can be exploited to disclose uninitialized memory contents via specially crafted GIF files.

6) An out-of-bounds read error when creating an audio timeline in Web Audio can be exploited to disclose memory contents.

7) A use-after-free error when setting text directionality can be exploited to cause memory corruption.
Successful exploitation of vulnerabilities #1 through #4 and #7 may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 32.

Solution

Upgrade to version 32.

References:

Mozilla:
https://www.mozilla.org/security/announce/2014/mfsa2014-67.html

Michal Zalewski:

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-14-304/

Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 19 شهریور 1393

امتیاز

امتیاز شما
تعداد امتیازها:0