Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
Last Update Date:
31 Oct 2013 15:28
Release Date:
31 Oct 2013
3842
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.
- Some unspecified errors and an error when handling workers with direct proxies within the JavaScript engine can be exploited to cause memory corruption.
- An unspecified error can be exploited to spoof the address bar by placing arbitrary HTML content within <select> elements in arbitrary locations.
- An error when handling uninitialised data during Extensible Stylesheet Language Transformation (XSLT) processing can be exploited to cause an access violation.
- Some errors when handling memory allocations in the JavaScript engine can be exploited to cause buffer overflows.
- A race condition error when handling cycle collected image objects can be exploited to cause a release of a cycle collected image object within a wrong thread via a specially crafted large page.
- Use-after-free errors exist when handling state change events during update of the offline cache, related to missing strong references in the browsing engine, and when interacting with HTML document templates.
Impact
- Remote Code Execution
- Spoofing
System / Technologies affected
- Firefox versions prior to 25.0
- Thunderbird versions prior to 24.1
- Seamonkey versions prior to 2.22
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to a fixed version (Firefox 25.0, Thunderbird 24.1, Seamonkey 2.22).
Vulnerability Identifier
- CVE-2013-5590
- CVE-2013-5592
- CVE-2013-5593
- CVE-2013-5594
- CVE-2013-5595
- CVE-2013-5596
- CVE-2013-5597
- CVE-2013-5599
- CVE-2013-5600
- CVE-2013-5601
- CVE-2013-5602
- CVE-2013-5603
- CVE-2013-5604
Source
Related Link
Share with