Mozilla Firefox Multiple Vulnerabilities

IRCAD2014053284

Number: IRCAD2014053284
Date: 2014/04/30

Criticality level: Highly critical

Software:

Mozilla Firefox 28.x

Description

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) Some unspecified errors exist, which can be exploited to cause memory corruption.

2) Some further unspecified errors exist, which can be exploited to cause memory corruption.

3) The application uses a certain temp directory within maintenservice_installer.exe in an insecure way, which can be exploited to execute arbitrary code with the privileges of the Mozilla Maintenance Service by placing a specially crafted DLL within a certain temp directory during an update procedure.

4) An error exists when handling Web Audio, which can be exploited to cause an out-of-bounds read and subsequently cause memory corruption.

5) An error exists when validating the XBL status of an object, which can be exploited to cause a buffer overflow via a specially crafted script using a non-XBL object as an XBL object.

6) A use-after-free error exists when processing HTML video in the Text Track Manager, which can be exploited to cause heap-based memory corruption.

7) An error exists when working with canvas within the "sse2_composite_src_x888_8888()" function in the Cairo graphics library, which can be exploited to cause memory corruption.

8) An error exists when handling site notifications within the Web Notification API, which can be exploited to bypass certain security checks on source components for the Web Notification API and subsequently execute arbitrary code.

Successful exploitation of this vulnerability requires that a site has been granted notification permissions.

9) An error exists when handling browser navigations through history to load a website, which can be exploited to spoof the base URI of the site and subsequently e.g. conduct cross-site scripting attacks.

10) A use-after-free error exists when handling an imgLoader object within the "nsGenericHTMLElement::GetWidthHeightForImage()" function, which can be exploited to cause heap-based memory corruption.

11) An error exists in NSS.

12) A use-after-free error exists when handling host resolution within the "libxul.so!nsHostResolver::ConditionallyRefreshRecord()" function, which can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities #1, #2, #4 through #7, #10, and #12 may allow execution of arbitrary code.

13) An error exists when handling the debugging of certain objects, which can be exploited to bypass XrayWrappers via JavaScript by tricking a user into debugging a malicious page.

The vulnerabilities are reported in versions prior to 29.

Solution:

Upgrade to version 29.

Resources:
secunia:
 

Date created: 14 Ordibehesht 1393
