فا

‫ Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

IRCAD2014023128
ID: IRCAD2014023128
Release Date: 2014-02-05
Criticality level: Highly critical
 
Software:

Mozilla Firefox 24.x

Mozilla SeaMonkey 2.x

Mozilla Thunderbird 24.x

 
Description:

Some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) Some unspecified errors exist, which can be exploited to cause memory corruption.

2) Some other unspecified errors exist, which can be exploited to cause memory corruption.

3) An error when handling XML Binding Language (XBL) content scopes can be exploited to bypass System Only Wrappers (SOW).

4) An error when handling discarded images within the "RasterImage" class can be exploited to cause memory corruption.

5) An error related to the "document.caretPositionFromPoint()" and "document.elementFromPoint()" functions can be exploited to bypass the same-origin policy and subsequently e.g. potentially disclose certain attributes of an iframe element.

6) An error when handling XSLT stylesheets can be exploited to bypass Content Security Policy (CSP) and subsequently e.g. execute arbitrary script code.

7) A use-after-free error related to certain content types when used with the "imgRequestProxy()" function can be exploited to cause memory corruption.

8) An error when handling web workers' error messages can be exploited to bypass the same-origin policy and subsequently e.g. disclose otherwise inaccessible information.

9) An error when terminating a web worker running asm.js code after passing an object between threads can be exploited to cause memory corruption.

The vulnerabilities #2, #5, #6, and #9 affect SeaMonkey only.

10) A race condition error when handling session tickets within libssl can be exploited to e.g. cause memory corruption.

11) An error when handling JavaScript native getters on window objects can be exploited to e.g. bypass certain unspecified security restrictions.

Successful exploitation of vulnerabilities #1, #2, #4, #7, #9, and #‫10 may allow execution of arbitrary code.

The vulnerabilities are reported in Firefox ESR versions prior to 24.3, Thunderbird versions prior to 24.3, and SeaMonkey versions prior to 2.24.

 
Solution

Update to a fixed version.

 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 26 بهمن 1392

امتیاز

امتیاز شما
تعداد امتیازها:0