|
|
Mozilla Products Code Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Mozilla Firefox and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.
The first issues are caused by memory corruption errors in the JavaScript and browser engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
The second vulnerability is caused due to memory corruption errors in liboggplay when processing malformed audio and video data, which could be exploited to crash a vulnerable browser or execute arbitrary code.
The third issue is caused due to integer overflow and input validation errors in the Theora video library (libtheora) when processing malformed data, which could be exploited to crash a vulnerable browser or execute arbitrary code.
The fourth vulnerability is caused by an error in the NTLM implementation, which could allow reflection attacks in which NTLM credentials from one application could be forwarded to another arbitary application via the browser.
The fifth issue is caused by errors when processing the "document.location" property, which could allow attackers to spoof the URL in the location bar or display the SSL indicator near the location bar while visiting an insecure web page.
The sixth vulnerability is caused by an error when handling the "window.opener" property, which could allow attackers to execute arbitrary JavaScript code with chrome privileges.
The seventh issue is caused due to "GeckoActiveXObject" generating different exception messages based on whether or not the requested COM object's ProgID is present in the system registry, which could allow attackers to enumerate a list of COM objects installed on a system.
Mozilla Firefox versions prior to 3.5.6
Mozilla Firefox versions prior to 3.0.16
Mozilla SeaMonkey versions prior to 2.0.1
Upgrade to Mozilla Firefox version 3.5.6 or 3.0.16 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 2.0.1 :
http://www.mozilla.org/projects/seamonkey/
http://www.vupen.com/english/advisories/2009/3547
http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
http://www.mozilla.org/security/announce/2009/mfsa2009-66.html
http://www.mozilla.org/security/announce/2009/mfsa2009-67.html
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
http://www.mozilla.org/security/announce/2009/mfsa2009-70.html
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
In-depth
Binary Analysis
 |
Available in customer area as part of
VUPEN Binary Analysis & Exploits Service and
VUPEN Vulnerability Notification Service Ultimate Feed Edition.
Private Exploit or PoC
|
Available in customer area as part of
VUPEN Binary Analysis & Exploits Service and
VUPEN Vulnerability Notification Service Ultimate Feed Edition.
Vulnerabilities reported by Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, Jeremy Lea, David Mandelin, Gary Kwong, Jason Orendorff, Igor Bukanov, David Keeler, Bob Clary, Dan Kaminsky, David Keelern, Takehiro Takahashi (IBM X-Force), Jonathan Morgan, Jordi Chancel, David James and Gregory Fleischer.
2009-12-16 : Initial release
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
