Mozilla Products Multiple Vulnerabilities
Last Update Date:
12 Oct 2012
Release Date:
11 Oct 2012
4967
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities reported in Mozilla Firefox, Seamonkey and Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system, inject scripting code, and spoof portions of the page.
- A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error, use-after-free memory error, buffer overflow, access control error, or other flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.
- A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will run in the security context of an arbitrary site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
- A remote user can exploit a flaw in the processing of <select> elements to spoof portions of a page.
- A remote user can create specially crafted HTML that, when loaded by the target user, will access recently visited URLs and URL parameters. Only version 16.0 is affected.
Impact
- Remote Code Execution
- Information Disclosure
- Spoofing
- Data Manipulation
System / Technologies affected
- Mozilla Firefox versions prior to 16.0.1
- Mozilla Seamonkey versions prior to 2.13
- Mozilla Thunderbird versions prior to ESR 10.0.8, 16.0.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix for Mozilla Firefox (ESR 10.0.8; 16.0.1).
- The vendor has issued a fix for Mozilla Seamonkey (2.13).
- The vendor has issued a fix for Mozilla Thunderbird (ESR 10.0.8; 16.0.1).
Vulnerability Identifier
- CVE-2012-3982
- CVE-2012-3983
- CVE-2012-3984
- CVE-2012-3985
- CVE-2012-3986
- CVE-2012-3987
- CVE-2012-3988
- CVE-2012-3989
- CVE-2012-3990
- CVE-2012-3991
- CVE-2012-3992
- CVE-2012-3993
- CVE-2012-3994
- CVE-2012-3995
- CVE-2012-4179
- CVE-2012-4180
- CVE-2012-4181
- CVE-2012-4182
- CVE-2012-4183
- CVE-2012-4184
- CVE-2012-4185
- CVE-2012-4186
- CVE-2012-4187
- CVE-2012-4188
Source
Related Link
Share with