Skip to main content

Mozilla Firefox, Thunderbird and Seamonkey Multiple Vulnerabilities

Last Update Date: 21 Feb 2013 Release Date: 20 Feb 2013 4538 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird and Seamonkey, which can be exploited by remote attackers to execute arbitrary code and gather sensitive information.

  1. Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
  2. Phishing on HTTPS connection through malicious proxy
  3. Use-after-free in nsImageLoadingContent
  4. Web content bypass of COW and SOW security wrappers
  5. Wrapped WebIDL objects can be wrapped again
  6. Miscellaneous memory safety hazards

Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Firefox versions prior to 19
  • Thunderbird versions prior to 17.0.3
  • Seamonkey versions prior to 2.16

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (Firefox 19, Thunderbird 17.0.3, Seamonkey 2.16).

Vulnerability Identifier


Source


Related Link