Mozilla Firefox Code Execution and Security Bypass Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Mozilla Firefox, which could be exploited by attackers to manipulate certain data, disclose sensitive information or compromise a vulnerable system.
1. An error when handling a SOCKS5 proxy reply containing an overly long DNS name could be exploited to corrupt the subsequent data stream in the response.
2. A spoofing issue exists when handling "window.open()" calls.
3. Memory corruption errors in the JavaScript and browser engines when parsing malformed data could be exploited by attackers to crash a vulnerable application or execute arbitrary code.
4. The window's global object receives an incorrect security wrapper on pages that have a "Link:" HTTP header when an add-on implementing a Content Policy in JavaScript is installed, which could allow arbitrary JavaScript execution with chrome privileges.
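The first issue concerns a SOCKS5 reply whose bound address is a DNS name. As an added example (not Mozilla's code and not taken from this advisory), the C function below derives the exact reply length from the RFC 1928 ATYP and length octet, so a long name is consumed in full and the bytes after it are passed on intact as response data; the function name and the sample reply are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: SOCKS5 success reply with a 20-byte DNS name in
 * BND.ADDR and port 8080, followed by 4 bytes of tunnelled data ("HTTP"). */
static const uint8_t SAMPLE[] =
    "\x05\x00\x00\x03\x14" "proxy-gw.example.org" "\x1f\x90" "HTTP";
#define SAMPLE_LEN (sizeof SAMPLE - 1) /* drop the literal's trailing NUL */

/* Length of the SOCKS5 reply at buf: >0 = bytes to consume,
 * 0 = incomplete (read more), -1 = malformed. */
long socks5_reply_len(const uint8_t *buf, size_t len)
{
    size_t addr_len, total;

    if (len < 4)
        return 0;                 /* VER REP RSV ATYP not all here yet */
    if (buf[0] != 0x05)
        return -1;                /* not a SOCKS5 reply */
    switch (buf[3]) {             /* ATYP selects the BND.ADDR layout */
    case 0x01: addr_len = 4;  break;          /* IPv4 */
    case 0x04: addr_len = 16; break;          /* IPv6 */
    case 0x03:                                /* DNS name */
        if (len < 5)
            return 0;
        addr_len = 1 + (size_t)buf[4];        /* length octet + up to 255 bytes */
        break;
    default:
        return -1;
    }
    total = 4 + addr_len + 2;     /* header + BND.ADDR + BND.PORT */
    return len < total ? 0 : (long)total;
}

int main(void)
{
    long n = socks5_reply_len(SAMPLE, SAMPLE_LEN);
    if (n > 0)
        printf("reply=%ld bytes, data starts with \"%.4s\"\n",
               n, (const char *)SAMPLE + n);
    return n > 0 ? 0 : 1;
}
```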
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Mozilla Firefox versions 3.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Mozilla Firefox version 3.5.2 or 3.0.13:
http://www.mozilla.com/firefox/
Vulnerability Identifier
Source
Related Link