Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Last Update Date: 13 Jun 2014 Release Date: 12 Jun 2014 3143 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities were identified in Mozilla Firefox / Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct clickjacking attacks.

  1. A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow, use-after-free, memory corruption or boundary error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. On Windows 8 systems with a gamepad or virtual gamepad installed, a user can trigger a buffer overflow in the Gamepad API to execute arbitrary code.
  3. A remote user can create a specially crafted embedded flash object that, when loaded by the target user, will cause the cursor to be made invisible, facilitating clickjacking attacks.

Impact

  • Denial of Service
  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Firefox versions prior to 30.0
  • Firefox ESR versions prior to 24.6
  • Thunderbird versions prior to 24.6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (version 24.6, 30.0).

Vulnerability Identifier

Source

Related Link

Share with

Previous

Google Chrome Multiple Vulnerabilities

11 Jun 2014 3127 Views

Next

Cisco Products OpenSSL SSL/TLS Vulnerabilities

13 Jun 2014 3654 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY