New Firefox Vulnerabilities

Posted: 10/12/10 by komz

1. Mozilla Firefox/SeaMonkey 'JSSLOT_ARRAY_COUNT' Annotation Integer Overflow Vulnerability

Mozilla Firefox and SeaMonkey are prone to an integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or crash the application.

This issue is fixed in:

Firefox 3.6.13
Firefox 3.5.16
SeaMonkey 2.0.11

2. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-74 -82, 84 Multiple Vulnerabilities

The Mozilla Foundation has released multiple security advisories specifying vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

These vulnerabilities allow attackers to execute arbitrary code in the context of the vulnerable application, crash affected applications, and elevate privileges; other attacks may also be possible.

These issues are fixed in:

Firefox 3.6.13
Firefox 3.5.16
Thunderbird 3.0.11
Thunderbird 3.1.7
SeaMonkey 2.0.11


3. Mozilla Firefox and SeaMonkey 'nsDOMAttribute' Use-After-Free Memory Corruption Vulnerability

Mozilla Firefox and SeaMonkey are prone to a use-after-free memory corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user into viewing a page containing malicious content. A successful exploit will result in the execution of arbitrary code in the context of the user running the affected application.

This issue is fixed in:

Firefox 3.6.13
Firefox 3.5.16
SeaMonkey 2.0.11

NOTE: This issue was previously covered in BID 45322 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-74 -82, 84 Multiple Vulnerabilities), but has been assigned its own record to better document it.

4. Mozilla Firefox Pseudo URL Same Origin Policy Security Bypass Vulnerability

Mozilla Firefox is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass the same-origin policy. Successful exploits may allow an attacker to mislead unsuspecting victims, steal sensitive information, or launch other attacks.

REFERENCES.

The Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

Source: securityfocus.com
