Skip to main content

Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Last Update Date: 15 Oct 2012 11:27 Release Date: 15 Oct 2012 5264 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  1. The protected "location" object is accessible by other domain objects, which can be exploited to bypass the same origin policy and gain access to sensitive information.
  2. An unspecified error within the "FT2FontEntry::CreateFontEntry()" function can be exploited to corrupt memory.
  3. An unspecified error within the "mozilla::net::FailDelayManager::Lookup()" function when handling certain websockets can be exploited to corrupt memory.
  4. An error within security wrappers does not unwrap the "defaultValue" properly and can be exploited to gain access to the "location" object.

Impact

  • Remote Code Execution

System / Technologies affected

  • Mozilla Firefox 16.x
  • Mozilla SeaMonkey 2.x
  • Mozilla Thunderbird 16.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

Vulnerability Identifier


Source


Related Link