Multiple vulnerabilities in Mozilla products

Posted: January 9, 2013 in Vulnerabilities
Tags: , , , ,

Vulnerability

Vulnerabilities in Mozilla

Vulnerability: Multiple vulnerabilities in Mozilla products

Danger: High
Patch: Yes
Number of vulnerabilities: 25

Affected products: Mozilla Firefox 17.x, Mozilla SeaMonkey 2.x, Mozilla Thunderbird 17.x

Affected versions: Mozilla Firefox 17.x, Mozilla SeaMonkey 2.x, Mozilla Thunderbird 17.x

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An unspecified error in the browser engine. This can be exploited to corrupt memory and execute arbitrary code on the target system.

2. An unspecified error in the browser engine. This can be exploited to corrupt memory and execute arbitrary code on the target system.

3. An unspecified error in the browser engine. This can be exploited to corrupt memory and execute arbitrary code on the target system.

4. An error in the function CharDistributionAnalysis :: HandleOneChar (). This can be exploited to cause a buffer overflow. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

5. An error use after release function imgRequest :: OnStopFrame (). A remote user can execute arbitrary code on the target system.

6. An error after release of ~ nsHTMLEditRules. A remote user can execute arbitrary code on the target system.

7. An error use after release function mozilla :: TrackUnionStream :: EndTrack (). A remote user can execute arbitrary code on the target system.

8. An error after release of Mesa resizing WebGL canvas. A remote user can execute arbitrary code on the target system.

9. An error in the function gfxTextRun :: ShrinkToLigatureBoundaries (). This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

10. An error in the function nsWindow :: OnExposeEvent (). This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

11. The vulnerability is caused due to an error related to the width and height values โ€‹โ€‹of the canvas, resulting in HTML. This can be exploited to cause a buffer overflow on the stack and execute arbitrary code on the target system.

12. An error when loading a page. This can be sub-menu displays in the address bar URL.

13. An error after release of the mapping table with many columns and groups of columns. A remote user can execute arbitrary code on the target system.

14. An error in the function nsSOCKSSocketInfo :: ConnectToProxy () when processing SSL threads. A remote user can execute arbitrary code on the target system.

15. The vulnerability is due to the fact that the class does not save AutoWrapperChanger certain objects in the collection of garbage. A remote user can execute arbitrary code on the target system.

16. The vulnerability is caused due to an error related to quickstubs. This can be due to improper selection of units that will cause the appearance of improper garbage collection with the ability to execute arbitrary code on the target system.

17. An error related to the plugin handler. A remote user can bypass the same-origin policy.

18. An error in the function XBL.__proto__.toString (). This can be exploited to disclose the layout of the address.

19. The vulnerability is caused due to concatenate an integer overflow error in determining the line of JavaScript. This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

20. An error related to the XBL file storing multiple XML connection with SVG content. A remote user can execute arbitrary code on the target system.

21. An error in the function Object.prototype.__proto__ (). A remote user can Chrome Object Wrappers (COW), to gain access to privileged system and execute arbitrary code on the target system.

22. An error related to the plugin object. A remote user can open the web-page with the privilege of chrome and execute arbitrary code on the target system.

23. An error use after release function XMLSerializer.serializeToStream () and execute arbitrary code on the target system.

24. An error in the forced collectivization in ListenerManager debris. A remote user can execute arbitrary code on the target system.

25. An error after release of the library Vibrate, related domDoc pointer. A remote user can execute arbitrary code on the target system.

Manufacturer URL: http://www.mozilla.org/

Solution: The vulnerabilities patch from the manufacturer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s