Mozilla Firefox / Seamonkey Multiple Vulnerabilities

Last Update Date: 20 Nov 2013 10:54 Release Date: 20 Nov 2013 3904 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox. A remote user can cause denial of service conditions and bypass security controls.

  1. When the verifylog feature is used when validating certificates, the system will use certificates that specify incompatible key usage constraints.
  2. On 64-bit systems, a remote user can create a specially crafted certificate that will trigger a certificate parsing error, attempting to write 4Gb of null characters.
  3. A remote user can trigger an integer truncation error in PL_ArenaAllocate in the Netscape Portable Runtime (NSPR) library code.
  4. The system prioritizes RC4 at a level higher than it should, which may facilitate plaintext or key recovery attacks.

Impact

  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Firefox versions prior to 25.0.1
  • Seamonkey versions prior to 2.22.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (Firefox 25.0.1, Seamonkey 2.22.1).

Vulnerability Identifier

Source

Related Link

Share with

Previous

nginx URI Parsing Vulnerability

20 Nov 2013 4218 Views

Next

Drupal Multiple Vulnerabilities

22 Nov 2013 3835 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY