Skip to main content

Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Last Update Date: 31 Oct 2013 15:28 Release Date: 31 Oct 2013 3842 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.

  1. Some unspecified errors and an error when handling workers with direct proxies within the JavaScript engine can be exploited to cause memory corruption.
  2. An unspecified error can be exploited to spoof the address bar by placing arbitrary HTML content within <select> elements in arbitrary locations.
  3. An error when handling uninitialised data during Extensible Stylesheet Language Transformation (XSLT) processing can be exploited to cause an access violation.
  4. Some errors when handling memory allocations in the JavaScript engine can be exploited to cause buffer overflows.
  5. A race condition error when handling cycle collected image objects can be exploited to cause a release of a cycle collected image object within a wrong thread via a specially crafted large page.
  6. Use-after-free errors exist when handling state change events during update of the offline cache, related to missing strong references in the browsing engine, and when interacting with HTML document templates.

Impact

  • Remote Code Execution
  • Spoofing

System / Technologies affected

  • Firefox versions prior to 25.0
  • Thunderbird versions prior to 24.1
  • Seamonkey versions prior to 2.22

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to a fixed version (Firefox 25.0, Thunderbird 24.1, Seamonkey 2.22).

Vulnerability Identifier


Source


Related Link