Thread-topic: [SA23282] Mozilla Firefox Multiple Vulnerabilities
>
> TITLE:
> Mozilla Firefox Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA23282
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/23282/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Cross Site Scripting, Exposure of sensitive information, DoS, System
> access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Mozilla Firefox 1.x
> http://secunia.com/product/4227/
> Mozilla Firefox 2.0.x
> http://secunia.com/product/12434/
>
> DESCRIPTION:
> Multiple vulnerabilities have been reported in Mozilla Firefox, which
> can be exploited by malicious people to gain knowledge of certain
> information, conduct cross-site scripting attacks, and potentially
> compromise a user's system.
>
> 1) Various errors in the layout engine and JavaScript engine can be
> exploited to cause memory corruption and some may potentially allow
> execution of arbitrary code.
>
> 2) An error when reducing the CPU's floating point precision, which
> may happen on Windows when loading a plugin creating a Direct3D
> device, may cause the "js_dtoa()" function to not exit and instead
> cause memory corruption.
>
> 3) A boundary error when setting the cursor to a Windows bitmap using
> the CSS cursor property can be exploited to cause a heap-based buffer
> overflow.
>
> 4) An unspecified error in the "watch()" JavaScript function can be
> exploited to execute arbitrary code.
>
> 5) An error in LiveConnect causes an already freed object to be used
> and may potentially allow execution of arbitrary code.
>
> 6) An error in the handling of the "src" attribute of IMG elements
> loaded in a frame can be exploited to change the attribute to a
> "javascript:" URI. This allows execution of arbitrary HTML and script
> code in a user's browser session.
>
> 7) A memory corruption error within the SVG processing may allow
> execution of arbitrary code by appending an SVG comment DOM node from
> one document into another type of document (e.g. HTML).
>
> 8) The "Feed Preview" feature of Firefox 2.0 may leak feed-browsing
> habits to websites when retrieving the icons of installed web-based
> feed viewers.
>
> 9) A Function prototype regression in Firefox 2.0 can be exploited to
> execute arbitrary HTML and script code in a user's browser session.
>
> SOLUTION:
> Update to version 1.5.0.9 or 2.0.0.1.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits the following:
> 1) Andrew Miller, David Baron, moz_bug_r_a4, Georgi Guninski, Jesse
> Ruderman, Olli Pettay, Igor Bukanov, and Vladimir Vukicevic.
> 2) Keith Victor
> 3) Frederik Reiss
> 4) Shutdown
> 5) Steven Michaud
> 6) moz_bug_r_a4
> 7) An anonymous person via ZDI.
> 8) Jared Breland
> 9) moz_bug_r_a4
>
> ORIGINAL ADVISORY:
> Mozilla:
> http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-69.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-71.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-72.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-73.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-75.html
> http://www.mozilla.org/security/announce/2006/mfsa2006-76.html
>