فا

‫ Mozilla Firefox ESR / Thunderbird Multiple Memory Corruption Vulnerabilities

IRCAD2014063364

Number: IRCAD2014063364

Date: 2014/06/11

Criticality level: highly critical

Software:

Mozilla Firefox 24.x

Mozilla Thunderbird 24.x

Description

Some vulnerabilities have been reported in Mozilla Firefox ESR and Thunderbird, which can be exploited by malicious people to compromise a user's system.

1)Some unspecified errors can be exploited to corrupt memory.

2)A use-after-free error in the "nsTextEditRules::CreateMozBR()" function can be exploited to corrupt heap-based memory.

3)A use-after-free error in the "RefreshDriverTimer::TickDriver()" function within the MIL Animation Controller can be exploited to corrupt heap-based memory.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in Firefox ESR and Thunderbird versions prior to 24.6.

Solution:

Update to version 24.6.

Resources:
secunia:
 
 
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 24 خرداد 1393

امتیاز

امتیاز شما
تعداد امتیازها:0