Advisory Content (Page 1 of 3)Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user's system.
1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.
2) An error in the garbage collection process when handling a set of cloned XUL DOM elements linked as a parent and child can be exploited to access freed memory and execute arbitrary code.
3) An error can be exploited via the "nsIRDFService" interface and a cross-domain redirect to bypass the same-origin policy and read XML data from another domain.
4) An error in libpng when handling out-of-memory conditions can be exploited to potentially execute arbitrary code.
For more information:
SA33970
5) An error when handling invisible control characters included in the location bar can be exploited to spoof a trusted URL.
The vulnerabilities are reported in versions prior to 3.0.7.