Three critical vulnerabilities fixed in Mozilla Firefox

Posted: May 16, 2013 in IT Security News, Security Notices

Multiple vulnerabilities

The new version introduces Firefox Health Report, a mode that makes it possible to monitor the browser's performance.

According to the browser's developers at Mozilla, a new version, Firefox 21, is now available to users; it fixes a number of vulnerabilities, including three critical ones.

In total, eight security holes were closed. It should be noted that two of the critical vulnerabilities affect only Firefox and Thunderbird, since the company's other products do not contain the vulnerable components.

Among the updates not related to security, it is worth noting an expanded user interface for configuring Do Not Track, improved graphics performance, and default support for WebRTC, a technology designed for multi-user web applications.

Furthermore, Firefox 21 introduces the Firefox Health Report mode, which prepares a report on the browser's current rendering performance and allows these data to be compared with those of other users and configurations, etc.

Detailed description of vulnerabilities

Multiple vulnerabilities in Mozilla Firefox

Severity: High
Fix available: Yes
Number of vulnerabilities: 6

CVE ID: CVE-2012-1942
CVE-2013-0801
CVE-2013-1669
CVE-2013-1670
CVE-2013-1672
CVE-2013-1673
CVE-2013-1674
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681

Exploitation vector: Remote
Impact: Security Bypass, System compromise

Affected products: Mozilla Firefox 20.x

Affected versions: Mozilla Firefox versions prior to 21.0

Description:

The vulnerabilities allow a remote user to execute arbitrary code on the target system.

1. The vulnerability is caused by an unspecified error. A remote user can cause memory corruption and compromise the target system. Details have not been disclosed.

2. The vulnerability is caused by an unspecified error. This can be exploited to corrupt memory and potentially execute arbitrary code. Details have not been disclosed.

3. The vulnerability is caused by an error related to Chrome Object Wrappers (COW). This can be exploited, by reference to a content-level constructor, to bypass certain security restrictions.

4. A use-after-free error when resizing a video object during its playback. This can be exploited to compromise a vulnerable system.

5. The vulnerability is caused by an error in the function “_cairo_xlib_surface_add_glyph()”. A remote user can perform an arbitrary write.

6. The vulnerability is caused by use-after-free errors in the functions “mozilla::plugins::child::_geturlnotify()”, “nsFrameList::FirstChild()” and “nsContentUtils::RemoveScriptBlocker()”. This can be exploited to compromise a vulnerable system.

Vendor URL: http://www.mozilla.org/en-US/firefox/new/

Solution: Update to version 21.0 from the vendor's website.
