Skip to main content

Mozilla Products Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 19 Feb 2010 5398 Views

RISK: Medium Risk

Multiple vulnerabilitieshave been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.

1. Due to memory corruption errors in the JavaScript and browser engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.

2. Due to a heap corruption error in the implementation of Web Workers, which could be exploited to crash a vulnerable browser or execute arbitrary code.

3. Due to a use-after-free error in the HTML parser, which could be exploited to crash a vulnerable browser or execute arbitrary code.

4. Due to an error related to "dialogArguments()" calls, which could be exploited to conduct cross domain scripting attacks.

5. Due to an error when processing a SVG document embedded into another document with a specially crafted "Content-Type", which could be exploited to conduct cross domain scripting attacks.


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Mozilla Firefox versions prior to 3.6
  • Mozilla Firefox versions prior to 3.5.8
  • Mozilla Firefox versions prior to 3.0.18
  • Mozilla Thunderbird versions prior to 3.0.2
  • Mozilla SeaMonkey versions prior to 2.0.3

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link