|
|
>> Mozilla Products Remote Code Execution and Security Bypass Issues
|
Multiple vulnerabilities have been identified in Mozilla Firefox and SeaMonkey, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.
The first issue is caused by memory corruption errors in the browser and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.
The second vulnerability is caused by a same-origin validation error when processing certain JavaScript data, which could be exploited to conduct cross site scripting attacks.
The third issue is caused by an when handling signed JARs, which could be exploited to inject arbitrary JavaScript code.
The fourth vulnerability is caused by an error when handling fastload files, which could be exploited to load Chrome script.
The fifth issue is caused by an error related to "mozIJSSubScriptLoader.loadSubScript()", which could be exploited to execute arbitrary code.
The sixth vulnerability is caused by an error when handling originalTarget events and DOM Range, which could be exploited to upload arbitrary files.
The seventh issue is caused by an error within Java LiveConnect on Mac OS X, which could be exploited to create arbitrary socket connections.
The eighth vulnerability is caused by an uninitialized memory access when handling a malformed ".properties" file.
The ninth issue is caused by an input validation error when processing file location URLs in directory listings.
The tenth weakness is caused by an error when handling "alt names" used by peer-trusted certs, which could be exploited to conduct spoofing attacks.
The eleventh issue is caused by an error when handling Windows URL shortcuts, which could be exploited to run a remote site as a local file.
The twelfth vulnerability is caused by a memory corruption error in the block reflow, which could be exploited to crash an affected browser or execute arbitrary code.
Affected Products
Mozilla Firefox versions prior to 2.0.0.15
Mozilla Thunderbird versions prior to 2.0.0.15
Mozilla SeaMonkey versions prior to 1.1.11
Solution
Upgrade to Mozilla Firefox version 2.0.0.15 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 1.1.11 :
http://www.mozilla.org/projects/seamonkey/
References
http://www.vupen.com/english/advisories/2008/1993
http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
Credits
Vulnerabilities reported by Devon Hubbard, Jesse Ruderman, Martijn Wargers, Igor Bukanov, Gary Kwong, moz_bug_r_a4, Collin Jackson, Adam Barth, Claudio Santambrogio, Gregory Fleischer, Daniel Glazman, Masahiro Yamada, John G. Myers and Geoff.
ChangeLog
2008-07-02 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
