Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
Last Update Date:
20 Mar 2014 17:36
Release Date:
20 Mar 2014
3600
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
- Some unspecified errors exist, which can be exploited to cause memory corruption.
- An error when decoding WAV audio files and performing polygon rendering in MathML can be exploited to cause an out-of-bounds read memory access.
- An error related to the permission prompt for a WebRTC session can be exploited to spoof the prompt and subsequently gain otherwise restricted access to the webcam or microphone.
- An error when handling certain WebGL content can be exploited to e.g. spoof another site's WebGL context.
- A timing error when processing SVG format images with filters and displacements can be exploited to potentially disclose text values across domains.
- An error related to certain WebIDL-implemented APIs can be exploited to load otherwise inaccessible privileged pages.
- A use-after-free error when handling garbage collection of TypeObjects under memory pressure can be exploited to cause memory corruption.
- An error within the TypedArrayObject implementation when handling neutered ArrayBuffer objects and copying valued into a neutered array can be exploited to cause an out-of-bounds read or write memory access.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
System / Technologies affected
- Firefox versions prior to 28
- Firefox ESR versions prior to 24.4
- Thunderbird versions prior to 24.4
- SeaMonkey versions prior to 2.25
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to a fixed version.
Vulnerability Identifier
- CVE-2014-1493
- CVE-2014-1494
- CVE-2014-1497
- CVE-2014-1499
- CVE-2014-1502
- CVE-2014-1505
- CVE-2014-1508
- CVE-2014-1510
- CVE-2014-1512
- CVE-2014-1513
- CVE-2014-1514
Source
Related Link
Share with