Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Last Update Date: 15 Jan 2015 11:53 Release Date: 15 Jan 2015 3664 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox and Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system, conduct cross-site request forgery attacks, and obtain potentially sensitive information.

  1. A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system.
  2. The navigator.sendBeacon() function does not honour the cross-origin resource sharing (CORS) specification. A remote user can exploit this to conduct cross-site request forgery attacks.
  3. A remote Web Proxy can return an HTTP 407 Proxy Authentication response with a specially crafted Set-Cookie header value to inject cookies and conduct session-fixation attacks.

Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Firefox versions prior to 35.0
  • Thunderbird versions prior to 31.4

    Solutions

    Before installation of the software, please visit the software manufacturer web-site for more details.

    • The vendor has issued a fix (Firefox 35.0, Thunderbird 34.1).

    Vulnerability Identifier

    Source

    Related Link

    • Share with

    Previous

    Microsoft Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

    14 Jan 2015 3853 Views

    Next

    Moodle Multiple Vulnerabilities

    20 Jan 2015 3680 Views

    We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

    PRIVACY POLICY