|
|
>> Mozilla Products Multiple Remote Command Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to take complete control of an affected system or bypass security restrictions.
The first issue is due to memory corruption errors in the layout and JavaScript engines, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The second flaw is due to a buffer overflow error when using the CSS cursor property to set the cursor to certain images on Windows, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The third vulnerability is due to an error when handling the JavaScript "watch()" function, which could be exploited by attackers to compromise a vulnerable system.
The fourth issue is due to a memory corruption error in LiveConnect, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The fifth flaw is due to an error when handling the "src" attribute of an "IMG" element loaded in a frame, which could be exploited to conduct cross site scripting attacks.
The sixth vulnerability is due to a memory corruption error when appending an SVG comment DOM node from one document into another type of document (e.g. HTML), which could be exploited by attackers to compromise a vulnerable system.
The seventh issue is due to a buffer overflow error when processing emails with an overly long "Content-Type" or "rfc2047-encoded" header, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The eighth issue is due to an error in the "Feed Preview" feature, which could be exploited by attackers to disclose certain information.
The ninth vulnerability is due to a Function prototype regression, which could be exploited to bypass security restrictions and conduct cross site scripting attacks.
The tenth issue is due to a memory corruption error in the "js_dtoa()" function when reducing the CPU's floating point precision (e.g. when loading a plugin creating a Direct3D device on Windows).
Affected Products
Mozilla Firefox versions prior to 2.0.0.1
Mozilla Firefox versions prior to 1.5.0.9
Mozilla Thunderbird versions prior to 1.5.0.9
Mozilla SeaMonkey versions prior to 1.0.7
Solution
Upgrade to Mozilla Firefox version 2.0.0.1 or 1.5.0.9 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla Thunderbird version 1.5.0.9 :
http://www.mozilla.com/thunderbird/
Upgrade to Mozilla SeaMonkey version 1.0.7 :
http://www.mozilla.org/projects/seamonkey/
References
http://www.vupen.com/english/advisories/2006/5068
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
http://www.mozilla.org/security/announce/2006/mfsa2006-69.html
http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
http://www.mozilla.org/security/announce/2006/mfsa2006-71.html
http://www.mozilla.org/security/announce/2006/mfsa2006-72.html
http://www.mozilla.org/security/announce/2006/mfsa2006-73.html
http://www.mozilla.org/security/announce/2006/mfsa2006-74.html
http://www.mozilla.org/security/announce/2006/mfsa2006-75.html
http://www.mozilla.org/security/announce/2006/mfsa2006-76.html
Credits
Vulnerabilities reported by Frederik Reiss, shutdown, Steven Michaud, moz_bug_r_a4, Zero Day Initiative, Georgi Guninski, David Bienvenu, and Jared Breland.
ChangeLog
2006-12-19 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
