Mozilla Firefox Multiple Vulnerabilities

[Stocker360]

Advisory Content (Page 1 of 3)

Description:

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

 

1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.

 

2) An error in the garbage collection process when handling a set of cloned XUL DOM elements linked as a parent and child can be exploited to access freed memory and execute arbitrary code.

 

3) An error can be exploited via the "nsIRDFService" interface and a cross-domain redirect to bypass the same-origin policy and read XML data from another domain.

 

4) An error in libpng when handling out-of-memory conditions can be exploited to potentially execute arbitrary code.

 

For more information:

SA33970

 

5) An error when handling invisible control characters included in the location bar can be exploited to spoof a trusted URL.

 

The vulnerabilities are reported in versions prior to 3.0.7.

 

http://secunia.com/advisories/34145/

[Icedrake]

The vulnerabilities are reported in versions prior to 3.0.7.

Prior to versions 3.0.7. which means that they could be fixed in the new releases (3.1).