Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Last Update Date: 22 Jun 2011 14:33 Release Date: 22 Jun 2011 6698 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

  1. Some unspecified errors can be exploited to corrupt memory.
  2. A use-after-free error in the "nsSVGPathSegList::ReplaceItem()" method when processing SVG element lists can be exploited to access an invalid element list when a user supplied callback deletes an object.
  3. A use-after-free error in the "nsSVGPointList::AppendElement()" method when processing SVG element lists can be exploited to access an invalid element list when a user supplied callback deletes an object.
  4. A use-after-free error in "nsXULCommandDispatcher" when processing XUL documents can be exploited to remove the currently used command updater.
  5. An error when handling cookies for two domains where one contains a trailing dot character can be exploited to bypass the same-origin policy and disclose a cookie to a third party.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Mozilla Firefox 3.6.x
  • Mozilla Thunderbird 3.1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to Firefox version 3.6.18 and Thunderbird version 3.1.11.

 

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Word Insufficient Pointer Validation Vulnerability

20 Jun 2011 6571 Views

Next

Apple Mac OS X Multiple Vulnerabilities

24 Jun 2011 6873 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY