Jump to content

Advisories MDVSA-2010:173: firefox


paul
 Share

Recommended Posts

Security issues were identified and fixed in firefox and

mozilla-thinderbird:

 

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird

before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7

do not properly restrict read access to the statusText property of

XMLHttpRequest objects, which allows remote attackers to discover

the existence of intranet web servers via cross-origin requests

(CVE-2010-2764).

 

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before

3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x

before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote

attackers to inject arbitrary web script or HTML via a selection that

is added to a document in which the designMode property is enabled

(CVE-2010-2769).

 

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird

before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do

not properly restrict use of the type attribute of an OBJECT element

to set a document's charset, which allows remote attackers to bypass

cross-site scripting (XSS) protection mechanisms via UTF-7 encoding

(CVE-2010-2768).

 

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka

SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and

Thunderbird 3.1.x before 3.1.3 does not properly restrict objects

at the end of scope chains, which allows remote attackers to execute

arbitrary JavaScript code with chrome privileges via vectors related

to a chrome privileged object and a chain ending in an outer object

(CVE-2010-2762).

 

The normalizeDocument function in Mozilla Firefox before 3.5.12 and

3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3,

and SeaMonkey before 2.0.7 does not properly handle the removal of

DOM nodes during normalization, which might allow remote attackers

to execute arbitrary code via vectors involving access to a deleted

object (CVE-2010-2766).

 

The nsTreeContentView function in Mozilla Firefox before 3.5.12 and

3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3,

and SeaMonkey before 2.0.7 does not properly handle node removal in

XUL trees, which allows remote attackers to execute arbitrary code

via vectors involving access to deleted memory, related to a dangling

pointer vulnerability. (CVE-2010-3167)

 

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird

before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not

properly restrict the role of property changes in triggering XUL tree

removal, which allows remote attackers to cause a denial of service

(deleted memory access and application crash) or possibly execute

arbitrary code by setting unspecified properties (CVE-2010-3168).

 

Use-after-free vulnerability in the nsTreeSelection function in Mozilla

Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before

3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow

remote attackers to execute arbitrary code via vectors involving a XUL

tree selection, related to a dangling pointer vulnerability. NOTE:

this issue exists because of an incomplete fix for CVE-2010-2753

(CVE-2010-2760).

 

Integer overflow in the FRAMESET element implementation in Mozilla

Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7

and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote

attackers to execute arbitrary code via a large number of values in the

cols (aka columns) attribute, leading to a heap-based buffer overflow

(CVE-2010-2765).

 

Heap-based buffer overflow in the nsTextFrameUtils::TransformText

function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9,

Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before

2.0.7 might allow remote attackers to execute arbitrary code via a

bidirectional text run (CVE-2010-3166).

 

The navigator.plugins implementation in Mozilla Firefox before 3.5.12

and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before

3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction

of the DOM plugin array, which might allow remote attackers to cause

a denial of service (application crash) or execute arbitrary code

via crafted access to the navigator object, related to a dangling

pointer vulnerability. (CVE-2010-2767)

 

Multiple unspecified vulnerabilities in the browser engine in

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird

before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow

remote attackers to cause a denial of service (memory corruption and

application crash) or possibly execute arbitrary code via unknown

vectors (CVE-2010-3169).

 

Packages for 2008.0 and 2009.0 are provided as of the Extended

Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

Additionally, some packages which require so, have been rebuilt and

are being provided as updates. The NSS and NSPR packages has been

upgraded to the latest versions. The rootcerts package has been

upgraded to the latest CVS version (as of 2010/08/27).

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...