
Mozilla Firefox Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 29 Oct 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Mozilla Firefox, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.

1. An error within the form history, which could allow malicious web sites to trick a vulnerable browser into auto-filling form fields with history entries and then reading the entries.

2. A predictable file naming scheme is used when downloading a file that already exists in the downloads folder, which could allow an attacker with access to a vulnerable system to place a malicious file in the world-writable directory used to save temporary downloaded files and cause the browser to open it.

3. A memory corruption error within the processing of recursive web-worker calls, which could be exploited to crash an affected browser or execute arbitrary code.

4. A memory corruption error within the parsing of regular expressions used in Proxy Auto-configuration (PAC) files, which could allow attackers to crash an affected browser or execute arbitrary code on a system where PAC has been configured with specific regular expressions.

5. A heap overflow error in the GIF image parser, which could be exploited to crash an affected browser or execute arbitrary code.

6. The XPCOM utility "XPCVariant::VariantDataToJS" unwraps doubly-wrapped objects before returning them to chrome callers, which could result in chrome-privileged code calling methods on an object that had previously been created or modified by web content, leading to the execution of malicious JavaScript code with chrome privileges.

7. A heap overflow error in the string to floating point number conversion routines, which could be exploited to crash an affected browser or execute arbitrary code.

8. A same-origin policy bypass via the "document.getSelection" function, which could be exploited to conduct cross-domain scripting attacks.

9. An error when downloading a file with a name containing a right-to-left override character (RTL), which could be exploited to obfuscate the name and extension of a malicious file to be downloaded and opened.

10. Memory corruption errors in the JavaScript and browser engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.

Other memory corruption errors related to liboggz, libvorbis, and liboggplay have also been reported, which could be exploited by attackers to compromise a vulnerable system.
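
A defender-side check for item 9, as an added example that is not part of the original advisory or Mozilla's code: it flags Unicode bidirectional control characters in a download filename and reports the extension as stored, which is what the operating system acts on. The function name inspect_filename and the sample filenames are constructed for illustration.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters that can change the order
# in which a filename is displayed without changing how it is stored.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}


def inspect_filename(name):
    """Report bidi controls in a filename and the extension in stored order."""
    controls = [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(name)
        if ch in BIDI_CONTROLS
    ]
    # Strip the controls: the remaining characters are in logical (stored)
    # order, so the extension taken from them is the one a handler will use.
    safe_name = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    real_extension = os.path.splitext(safe_name)[1].lower()
    # Make the controls visible for logs and prompts instead of rendering them.
    escaped = "".join(
        f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch for ch in name
    )
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "real_extension": real_extension,
        "safe_name": safe_name,
        "escaped": escaped,
    }


if __name__ == "__main__":
    # Constructed sample names; the first embeds a right-to-left override.
    for sample in ("invoice\u202egpj.exe", "report.pdf"):
        result = inspect_filename(sample)
        print(result["escaped"], result["real_extension"], result["suspicious"])
```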