Skip to main content

Mozilla Products Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 1 Apr 2010 5460 Views

RISK: Medium Risk

Multiple vulnerabilitieshave been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.

1. Due to memory corruption errors in the browser engine when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.

2. Due to a use-after-free error within "nsTreeSelection", which could allow attackers to execute arbitrary code.

3. Due to a dangling pointer within "nsTreeContentView" when inserting "option" elements into a XUL tree "optgroup", which could allow attackers to execute arbitrary code.

4. Due to a dangling pointer within "nsPluginArray" when handling "window.navigator.plugins" object, which could allow attackers to execute arbitrary code.

5. Due to an error when handling browser applets, which could be exploited by attackers to turn a simple mouse click into a drag-and-drop action, leading to chrome privilege escalation.

6. Due to an error in the "XMLHttpRequestSpy" module in the Firebug add-on, which could allow chrome privilege escalation and arbitrary code execution.

7. Due to an error in the Network Security Services module.

8. Due to an error when handling an image tag pointing to a resource that redirects to a "mailto:" URL, which could cause the external email handler application to be launched, creating an annoyance when browsing a web site.

9. Due to "XMLDocument::load()" not checking "nsIContentPolicy".


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Mozilla Firefox versions prior to 3.6.2
  • Mozilla Firefox versions prior to 3.5.9
  • Mozilla Firefox versions prior to 3.0.19
  • Mozilla Thunderbird versions prior to 3.0.4
  • Mozilla SeaMonkey versions prior to 2.0.4

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link