TITLE:
Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22722
VERIFY ADVISORY:
http://secunia.com/advisories/22722/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, DoS, System access
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
Mozilla SeaMonkey 1.x
http://secunia.com/product/9126/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.
1) The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.
For more information:
SA21903
2) An error exists within the handling of Script objects. This can potentially be exploited to execute arbitrary JavaScript bytecode by modifying already running Script objects.
3) Some unspecified errors in the layout engine and memory corruption errors in the JavaScript engine can be exploited to crash the application and may allow execution of arbitrary code.
4) An unspecified error within XML.prototype.hasOwnProperty can potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Mozilla Firefox 1.5.0.8 and SeaMonkey 1.0.6.
ORIGINAL ADVISORY:
MFSA-2006-65:
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
MFSA-2006-66:
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
MFSA-2006-67:
http://www.mozilla.org/security/announce/2006/mfsa2006-67.html