Thread-topic: [SA22722] Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
> ----------------------------------------------------------------------
>
> TITLE:
> Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA22722
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, Cross Site Scripting, DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Mozilla Firefox 1.x
>
> Mozilla SeaMonkey 1.x
>
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Mozilla Firefox and
> Mozilla SeaMonkey, which can be exploited by malicious people to
> bypass certain security restrictions, conduct cross-site scripting
> attacks, and potentially compromise a vulnerable system.
>
> 1) The bundled Network Security Services (NSS) library contains an
> incomplete fix for the RSA signature verification vulnerability
> reported in MFSA 2006-60.
>
> For more information:
> SA21903
>
> 2) An error exists within the handling of Script objects. This can
> potentially be exploited to execute arbitrary JavaScript bytecode by
> modifying already running Script objects.
>
> 3) Some unspecified errors in the layout engine and memory corruption
> errors in the JavaScript engine can be exploited to crash the
> application and may allow execution of arbitrary code.
>
> 4) An unspecified error within XML.prototype.hasOwnProperty can
> potentially be exploited to execute arbitrary code.
>
> SOLUTION:
> Update to Mozilla Firefox 1.5.0.8 and SeaMonkey 1.0.6.
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Ulrich Kuehn
> 2) shutdown
> 3) Jesse Ruderman, Martijn Wargers, and Igor Bukanov
> 4) shutdown
>
> ORIGINAL ADVISORY:
> MFSA-2006-65:
>
>
> MFSA-2006-66:
>
>
> MFSA-2006-67:
>
>
