Security alert from Mozilla Foundation February 8, 2006

Posted by peewitsol in Technical.

Security Alert, February 7, 2006: 8 Vulnerabilities in Mozilla Suite, SeaMonkey Suite, Firefox, and Thunderbird

The following eight vulnerabilities exist in Mozilla Foundation’s Mozilla Suite, SeaMonkey Suite (the code name of a new version of Mozilla Suite), Thunderbird email client, and/or Firefox browser. The first vulnerability is rated critical, the next four are rated moderate, and the final three are rated low in terms of severity. The vulnerabilities are as follows:

– XML could be injected into the browser’s localstore.rdf file, which would then be read by the browser at startup. The vulnerability could allow intruders to inject JavaScript code onto a user’s system.

– The browser contains integer overflow errors that could allow intruders to execute arbitrary code on an affected system.

– The products’ QueryInterface method contains a flaw that causes memory corruption, which could allow intruders to execute arbitrary code on an affected system.

– Dynamic changes to certain style elements could cause the browser to attempt operations on freed memory space, which could allow intruders to execute arbitrary code on an affected system.

– Specially crafted JavaScript objects could trigger “garbage collection,” which could cause the browser to attempt operations on freed memory space. The condition could allow intruders to execute arbitrary code on an affected system.

– Web pages with extremely long titles cause the browser to take a long time to start up, or to crash when the computer has insufficient memory available.

– The E4X AnyName object that’s used by the products’ JavaScript engine is unintentionally exposed to Web content, which could allow scripts to perform unauthorized actions.

– The products’ XML parser might read beyond the end of a buffer, which could cause the browser to crash.

Mozilla Foundation released updates to the products to correct these problems. For more information, go to

http://list.windowsitpro.com/t?ctl=20228:43C5FC
