Mozilla Products Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.
1. Memory corruption errors in the browser and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
2. A use-after-free error in "nsCycleCollector::MarkRoots()", which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
3. A use-after-free error when two plugin instances interact, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
4. An integer overflow error in "nsGenericDOMDataNode::SetTextInternal", which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
5. An integer overflow error in an XSLT node sorting routine, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
6. An error related to the use of "focus()" calls, which could be exploited to inject or steal keystrokes.
7. The "Content-Disposition: attachment" HTTP header being ignored when "Content-Type: multipart" was also present, which could allow cross-site scripting attacks against certain web sites.
8. An error when seeding the pseudo-random number generator, which could allow user tracking across sites using "Math.random()".
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Mozilla Firefox versions prior to 3.6.4
- Mozilla Firefox versions prior to 3.5.10
- Mozilla Thunderbird versions prior to 3.0.5
- Mozilla SeaMonkey versions prior to 2.0.5
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Mozilla Firefox version 3.6.4 or 3.5.10: http://www.mozilla.com/firefox/
- Upgrade to Mozilla Thunderbird version 3.0.5: http://www.mozilla.com/thunderbird/
- Upgrade to Mozilla SeaMonkey version 2.0.5: http://www.mozilla.com/seamonkey/
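The affected-version ranges and fixed releases listed above can be checked against a software inventory. The following Python sketch is an added example, not part of the original advisory; the inventory format, host names and function names are assumptions, and treating a suffixed build such as "3.6.4pre" as unpatched is a conservative assumption.

```python
import re

# Fixed releases from the advisory, keyed by product and release branch.
FIXED = {
    "firefox": {(3, 6): (3, 6, 4), (3, 5): (3, 5, 10)},
    "thunderbird": {(3, 0): (3, 0, 5)},
    "seamonkey": {(2, 0): (2, 0, 5)},
}

def parse_version(text):
    """Return (numeric tuple, is_prerelease) for strings like '3.6.4pre'."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (3 - len(parts))          # pad '3.6' to (3, 6, 0)
    return parts, bool(m.group(2))

def required_upgrade(product, version):
    """Return the fixed release to install, or None if not affected."""
    branches = FIXED.get(product.lower())
    if branches is None:
        return None                            # product not in this advisory
    parts, prerelease = parse_version(version)
    # Use the fix for the installed branch; a build on an unlisted branch is
    # compared against the newest fixed release ("versions prior to ...").
    fixed = branches.get(parts[:2], max(branches.values()))
    # Assumption: '3.6.4pre' predates the release, so treat it as unpatched.
    if parts < fixed or (parts == fixed and prerelease):
        return ".".join(map(str, fixed))
    return None

def audit(inventory):
    """Map host -> list of (product, installed, upgrade_to) findings."""
    findings = {}
    for host, product, version in inventory:
        target = required_upgrade(product, version)
        if target:
            findings.setdefault(host, []).append((product, version, target))
    return findings

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "Firefox", "3.6.3"), ("ws-01", "Thunderbird", "3.0.5"),
    ("ws-02", "Firefox", "3.5.10"), ("ws-03", "Firefox", "3.0.19"),
    ("ws-04", "SeaMonkey", "2.0.4"), ("ws-05", "Firefox", "3.6.4pre"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```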
Vulnerability Identifier
- CVE-2008-5913
- CVE-2010-0183
- CVE-2010-1121
- CVE-2010-1125
- CVE-2010-1196
- CVE-2010-1197
- CVE-2010-1198
- CVE-2010-1199
- CVE-2010-1200
- CVE-2010-1201
- CVE-2010-1202
- CVE-2010-1203
Source
Related Link
- http://www.vupen.com/english/advisories/2010/1551
- http://secunia.com/advisories/40309/
- http://secunia.com/advisories/40323/
- http://secunia.com/advisories/40326/
- http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-28.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-31.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-32.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-33.html