Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Last Update Date: 15 Oct 2012 11:27 Release Date: 15 Oct 2012 4564 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  1. The protected "location" object is accessible by other domain objects, which can be exploited to bypass the same origin policy and gain access to sensitive information.
  2. An unspecified error within the "FT2FontEntry::CreateFontEntry()" function can be exploited to corrupt memory.
  3. An unspecified error within the "mozilla::net::FailDelayManager::Lookup()" function when handling certain websockets can be exploited to corrupt memory.
  4. An error within security wrappers does not unwrap the "defaultValue" properly and can be exploited to gain access to the "location" object.

Impact

  • Remote Code Execution

System / Technologies affected

  • Mozilla Firefox 16.x
  • Mozilla SeaMonkey 2.x
  • Mozilla Thunderbird 16.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Google Chrome Two Vulnerabilities

12 Oct 2012 4558 Views

Next

Multi-vendor IP camera web interface authentication bypass Vulnerability

16 Oct 2012 4796 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY