Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA19631] Firefox Multiple Vulnerabilities



> 
> 
> TITLE:
> Firefox Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA19631
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19631/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> Security Bypass, Cross Site Scripting, Spoofing, Exposure of
> sensitive information, DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Mozilla Firefox 0.x
> http://secunia.com/product/3256/
> Mozilla Firefox 1.x
> http://secunia.com/product/4227/
> 
> DESCRIPTION:
> Multiple vulnerabilities have been reported in Firefox, which can be
> exploited by malicious people to conduct cross-site scripting and
> phishing attacks, bypass certain security restrictions, disclose
> sensitive information, and potentially compromise a user's system.
> 
> 1) An error exists where JavaScript can be injected into another
> page, which is currently loading. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in context
> of an arbitrary site.
> 
> 2) An error in the garbage collection in the JavaScript engine can be
> exploited to cause a memory corruption.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> 3) A boundary error in the CSS border rendering implementation may be
> exploited to write past the end of an array.
> 
> 4) An integer overflow in the handling of overly long regular
> expressions in JavaScript may be exploited to execute arbitrary
> JavaScript bytecode.
> 
> 5) Two errors in the handling of "-moz-grid" and "-moz-grid-group"
> display styles may be exploited to execute arbitrary code.
> 
> 6) An error in the "InstallTrigger.install()" method can be exploited
> to cause a memory corruption.
> 
> 7) An unspecified error can be exploited to spoof the secure lock
> icon and the address bar by changing the location of a pop-up window
> in certain situations.
> 
> Successful exploitation requires that the "Entering secure site"
> dialog has been enabled (not enabled by default).
> 
> 8) It is possible to trick users into downloading malicious files via
> the "Save image as..." menu option.
> 
> 9) A JavaScript function created via an "eval()" call associated with
> a method of an XBL binding may be compiled with incorrect privileges.
> This can be exploited to execute arbitrary code.
> 
> 10) An error where the "Object.watch()" method exposes the internal
> "clone parent" function object can be exploited to execute arbitrary
> JavaScript code with escalated privileges.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> 11) An error in the protection of the compilation scope of built-in
> privileged XBL bindings can be exploited to execute arbitrary
> JavaScript code with escalated privileges.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> 12) An unspecified error can be exploited to execute arbitrary HTML
> and script code in a user's browser session in context of an
> arbitrary site via the window.controllers array.
> 
> 13) An error in the processing of a certain sequence of HTML tags can
> be exploited to cause a memory corruption.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> 14) An error in the "valueOf.call()" and "valueOf.apply()" methods
> can be exploited to execute arbitrary HTML and script code in a
> user's browser session in context of an arbitrary site.
> 
> 15) Some errors in the DHTML implementation can be exploited to cause
> a memory corruption.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> 16) An integer overflow error in the processing of the CSS
> letter-spacing property can be exploited to cause a heap-based buffer
> overflow.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> 17) An error in the handling of file upload controls can be exploited
> to upload arbitrary files from a user's system by e.g. dynamically
> changing a text input box to a file upload control.
> 
> 18) An unspecified error in the "crypto.generateCRMFRequest()" method
> can be exploited to execute arbitrary code.
> 
> 19) An error in the handling of scripts in XBL controls can be
> exploited to gain chrome privileges via the "Print Preview"
> functionality.
> 
> 20) An error in a security check in the "js_ValueToFunctionObject()"
> method can be exploited to execute arbitrary code via "setTimeout()"
> and "ForEach".
> 
> 21) An error in the interaction between XUL content windows and the
> history mechanism can be exploited to trick users into interacting
> with a browser user interface which is not visible.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> SOLUTION:
> Update to versions 1.0.8 or 1.5.0.2.
> http://www.mozilla.com/firefox/
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1, 9, 10, 12, 18, 20) shutdown
> 2) Igor Bukanov
> 3) Bernd Mielke
> 4) Alden D'Souza
> 5) Martijn Wargers
> 6) Bob Clary
> 7) Tristor
> 8) Michael Krax
> 11, 14, 21) moz_bug_r_a4
> 13, 16) TippingPoint and the Zero Day Initiative
> 17) Claus Jørgensen and Jesse Ruderman
> 19) Georgi Guninski
> 
> ORIGINAL ADVISORY:
> http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
> 
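
An added example, not part of the forwarded advisory and not Secunia's or Mozilla's own tooling: triaging reported Firefox versions against the fixed releases named in the SOLUTION section (1.0.8 and 1.5.0.2). The host names, sample inventory and status labels are constructed for illustration; versions outside 0.x and 1.x are treated as out of scope because the advisory lists only those.

```python
import re

# Fixed releases named in the advisory's SOLUTION section, keyed by branch.
FIXED = {(1, 0): (1, 0, 8), (1, 5): (1, 5, 0, 2)}

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not purely numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None  # e.g. "1.5b2": pre-release builds need manual review
    return tuple(int(part) for part in text.split("."))

def pad(version, width):
    """Right-pad with zeros so that 1.5 compares as 1.5.0.0."""
    return version + (0,) * (width - len(version))

def triage(version_text):
    """Classify one reported version against SA19631.

    Returns 'fixed', 'vulnerable', 'out-of-scope' or 'unknown'
    (labels are this example's own, not the advisory's).
    """
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v[0] == 0:
        return "vulnerable"    # 0.x is listed as affected; no fixed 0.x release is named
    if v[0] != 1:
        return "out-of-scope"  # the advisory lists only 0.x and 1.x
    fixed = FIXED.get(pad(v, 2)[:2])
    if fixed is None:
        return "unknown"       # a 1.x branch for which the advisory names no fix
    width = max(len(v), len(fixed))
    return "fixed" if pad(v, width) >= pad(fixed, width) else "vulnerable"

# Constructed sample inventory (host, reported Firefox version); not real data.
INVENTORY = [("ws-01", "1.0.7"), ("ws-02", "1.0.8"), ("ws-03", "1.5"),
             ("ws-04", "1.5.0.2"), ("ws-05", "0.9.3"), ("ws-06", "1.5b2")]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(host, status)
```
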



 




Copyright © Lexa Software, 1996-2009.