TITLE:
Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA25469
VERIFY ADVISORY:
http://secunia.com/advisories/25469/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-05-31
SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/product/4227/
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/
DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.
1) Errors in the JavaScript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.
2) An error in the "addEventListener" method can be exploited to inject script into another site, circumventing the browser's same-origin policy. This could be used to access or modify sensitive information from the other site.
3) An error in the handling of XUL popups can be exploited to spoof parts of the browser such as the location bar.
SOLUTION:
Update to version 2.0.0.4 or 1.5.0.12.
ORIGINAL ADVISORY:
1) http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
2) http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
3) http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
OTHER REFERENCES:
US-CERT VU#751636:
http://www.kb.cert.org/vuls/id/751636