Mozilla Products Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.
1. Due to memory corruption errors in the browser engine when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
2. Due to a buffer overflow vulnerability when processing an overly long argument passed to "document.write()", which could be exploited to execute arbitrary code.
3. Due to an error when handling "window.open" and "isindex" elements, which could be exploited to execute arbitrary code with chrome privileges.
4. Due to a memory corruption error when using HTML tags inside a XUL tree, which could be exploited to execute arbitrary code.
5. Due to errors related to malformed fonts, which could be exploited to execute arbitrary code.
6. Due to an error when loading Java LiveConnect scripts via a "data:" URL, which could allow Java security bypass and code execution.
7. Due to a use-after-free error related to "nsDOMAttribute" nodes, which could be exploited to execute arbitrary code.
8. Due to an integer overflow error related to "NewIdArray", which could be exploited to execute arbitrary code.
9. Due to an error related to XMLHttpRequestSpy, which could be exploited to execute arbitrary code.
10. Due to an error when handling network or certificate error pages, which could be exploited to spoof the location bar.
11. Due to an input validation error related to the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings, which could allow cross-site scripting attacks.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Mozilla Firefox versions prior to 3.6.13
- Mozilla Firefox versions prior to 3.5.16
- Mozilla Thunderbird versions prior to 3.1.7
- Mozilla Thunderbird versions prior to 3.0.11
- Mozilla SeaMonkey versions prior to 2.0.11
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Mozilla Firefox version 3.6.13 or 3.5.16: http://www.mozilla.com/firefox/
- Upgrade to Mozilla Thunderbird version 3.1.7 or 3.0.11: http://www.mozilla.com/thunderbird/
- Upgrade to Mozilla SeaMonkey version 2.0.11: http://www.mozilla.com/seamonkey/
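The fixed releases above are per branch, so a single "older than X" comparison misclassifies hosts: Firefox 3.5.16 is fixed although it is lower than 3.6.13, and 3.6.12 is affected although it is higher than 3.5.16. The following check is an added example, not part of the original advisory or any Mozilla tooling; the host names, the inventory format and the handling of unlisted branches are assumptions.

```python
# Added example. Fixed releases per branch, from the advisory's Solutions list.
FIXED = {
    "firefox": [(3, 5, 16), (3, 6, 13)],
    "thunderbird": [(3, 0, 11), (3, 1, 7)],
    "seamonkey": [(2, 0, 11)],
}

def parse_version(text):
    """Turn a plain dotted release number ('3.6.12') into a comparable tuple."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '3.6' to (3, 6, 0)

def is_affected(product, version):
    """True if this product/version is older than the fix for its branch."""
    fixes = FIXED[product.lower()]
    v = parse_version(version)
    for fix in fixes:
        if v[:2] == fix[:2]:          # same branch, e.g. 3.5.x vs 3.5.16
            return v < fix
    # Assumption: a release on an unlisted branch is affected only if it
    # predates the newest fixed release (e.g. Firefox 3.0.x).
    return v < max(fixes)

def audit(inventory):
    """Classify (host, product, version) rows as affected/fixed/unknown."""
    report = []
    for host, product, version in inventory:
        try:
            status = "affected" if is_affected(product, version) else "fixed"
        except (KeyError, ValueError):
            status = "unknown"        # product not in advisory or odd version
        report.append((host, product, version, status))
    return report

# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE = [
    ("ws-01", "Firefox", "3.6.12"),
    ("ws-02", "Firefox", "3.5.16"),
    ("ws-03", "Thunderbird", "3.0.10"),
    ("ws-04", "SeaMonkey", "2.0.11"),
    ("ws-05", "Firefox", "3.6.13pre"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as "unknown" (pre-release or vendor-patched version strings, products outside this advisory) need manual review rather than being treated as fixed.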
Vulnerability Identifier
- CVE-2010-3766
- CVE-2010-3767
- CVE-2010-3768
- CVE-2010-3769
- CVE-2010-3770
- CVE-2010-3771
- CVE-2010-3772
- CVE-2010-3773
- CVE-2010-3774
- CVE-2010-3775
- CVE-2010-3776
- CVE-2010-3777
- CVE-2010-3778
Source
Related Link
- http://www.vupen.com/english/advisories/2010/3164
- http://secunia.com/advisories/42517/
- http://secunia.com/advisories/42518/
- http://secunia.com/advisories/42519/
- http://www.mozilla.org/security/announce/2010/mfsa2010-84.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-82.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-81.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-80.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-79.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-77.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-76.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-74.html