Multiple vulnerabilities in Mozilla Firefox and Mozilla Thunderbird

Posted: November 22, 2012 in Vulnerabilities
Tags: ,

Firefox logo

Multiple vulnerabilities

Vulnerability: Multiple vulnerabilities in Mozilla Firefox and Mozilla Thunderbird

Danger: High
Patch: Yes
Number of vulnerabilities: 19

Vector of operation: Remote
Impact:

– Cross Site Scripting;
– Security Bypass;
– System compromise.

Affected products: Mozilla Firefox 16.x, Mozilla Thunderbird 16.x

Affected versions: Mozilla Firefox versions prior to 17.0, Mozilla Thunderbird versions prior to 17.0

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An unspecified error. This can be exploited to corrupt memory and execute arbitrary code on the target system.

2. An error in the function of image :: RasterImage :: DrawFrameTo () when processing GIF images. This can be exploited to cause a buffer overflow on the target system.

3. An error in the function evalInSandbox () when processing properties location.href. This can be exploited to bypass certain security restrictions and the system read a local file.

4. An error in the processing of text files to configure SVG CSS properties. This can be exploited to corrupt memory.

5. The vulnerability is due to the fact that the address of “Javascript:” when opening a new tab page inherit privileges privileged page «new tab». This can be exploited to bypass security restrictions on the target system.

Note: Vulnerability № 5 only applies to Firefox

6. Vulnerable An integer overflow error in the function str_unescape (). This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

7. The vulnerability is due to the fact that in the sandbox by XMLHttpRequest objects are created on the principles of the system, not on the principles of the sandbox. This can be exploited to implement CSRF-attack.

8. An error in the processing of XrayWrapper. This can be exploited to reveal chrome-only properties.

9. An error in the processing of certain wrapper. A remote user can bypass the same-origin policy and implement a cross-site scripting attack.

10. An error in the processing of coding HZ-GB-2312. This can be exploited to carry out cross-site scripting attack.

11. The vulnerability is due to the Developer Toolbar allows the script to be executed chrome privileged context.

Note: Vulnerability № 11 only applies to Firefox

12. An error in the processing of object location. A remote user can cause darkening of the property.

13. An error in the Style Inspector processing styles. A remote user can execute HTML and CSS code in the context of chrome priveligiirovannom

14. The vulnerability is due to an error after the release of the functions “nsTextEditorState :: PrepareEditor ()”, “nsPlaintextEditor :: FireClipboardEvent ()”, “gfxFont :: GetFontEntry ()”, “nsTextEditorState :: PrepareEditor ()”, “XPCWrappedNative: : Mark () “,” nsEditor :: FindNextLeafNode () “,” nsViewManager :: ProcessPendingUpdates () “, and” BuildTextRunsScanner :: BreakSink :: SetBreaks () “. A remote user can execute arbitrary code on the target system.

15. The vulnerability is due to an error in the function nsWindow :: OnExposeEvent () and gfxShapedWord :: CompressedGlyph :: IsClusterStart (). This can be exploited to cause a heap overflow and execute arbitrary code on the target system.

16. An error after release of html file. A remote user can execute arbitrary code on the target system.

Note: Vulnerability № 16 applies only to the version of the product for OS X.

17. The vulnerability is caused due to an unspecified error in the space divided texImage2D calls. This can be exploited to corrupt memory and execute arbitrary code on the target system.

18. The vulnerability is caused due to an integer overflow error in the data buffer webgl.

19. An error in the processing of copyTexImage2D image sizes. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

Manufacturer URL: http://www.mozilla.org

Solution: To resolve the vulnerability install the product, version 17.0 from the manufacturer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s