Jump to content
Sign in to follow this  

Advisories MDVSA-2010:147: firefox

Recommended Posts

Security issues were identified and fixed in firefox:


layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not

properly free memory in the parameter array of a plugin instance,

which allows remote attackers to cause a denial of service (memory

corruption) or possibly execute arbitrary code via a crafted

HTML document, related to the DATA and SRC attributes of an OBJECT

element. NOTE: this vulnerability exists because of an incorrect fix

for CVE-2010-1214 (CVE-2010-2755).


Packages for 2008.0 and 2009.0 are provided as of the Extended

Maintenance Program. Please visit this link to learn more:



Additionally, some packages which require so, have been rebuilt and

are being provided as updates. The python packages contained a small

dependency problem on 2008.0/2009.0/MES5 that is addressed as well

with this advisory.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Create New...