Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
Last Update Date:
15 Oct 2012 11:27
Release Date:
15 Oct 2012
5264
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
- The protected "location" object is accessible by other domain objects, which can be exploited to bypass the same origin policy and gain access to sensitive information.
- An unspecified error within the "FT2FontEntry::CreateFontEntry()" function can be exploited to corrupt memory.
- An unspecified error within the "mozilla::net::FailDelayManager::Lookup()" function when handling certain websockets can be exploited to corrupt memory.
- An error within security wrappers does not unwrap the "defaultValue" properly and can be exploited to gain access to the "location" object.
Impact
- Remote Code Execution
System / Technologies affected
- Mozilla Firefox 16.x
- Mozilla SeaMonkey 2.x
- Mozilla Thunderbird 16.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.
Vulnerability Identifier
Source
Related Link
Share with