Firefox version 3.0.1 (final release) suffers from an unspecified remote code execution vulnerability.
6b29cd17dad920f95700394f167e1dd62ff0044187a945c553e4d426532288a9Mozilla Firefox version 14.01 memory exhaustion denial of service exploit.
1307f82ab4994f1d6434a37567d89794f3ad0c0d1531cef086c7b718d547c686Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.
c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6aSecunia Security Advisory - A vulnerability has been discovered in the AOL downloadUpdater2 plugin for Firefox, which can be exploited by malicious people to compromise a user's system.
34d39d1cffd7365c1f403a934dc593cd61940b634fb29827fb014db038bf0b94Zero Day Initiative Advisory 12-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nsINode::ReplaceOrInsertBefore() in content/base/src/nsGenericElement.cpp. A use-after-free condition can be triggered by adding an already parented option element to an option collection and then removing its associated select element during an event handler execution. Successful exploitation of this vulnerability will lead to code execution in the context of the browser.
f0da9b5ef6fab41061ead47f03f210ae169ca522e644b97eac719b6f7a7aa4dbMandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.
fc759a56d0fd0415fcdc1530461fc3a3b4be19990db69c21c30eed023857e0e8Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. This causes the address of the previously site entered to be displayed in the address bar instead of the currently loaded page. This could lead to potential phishing attacks on users. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. Various other issues were also addressed.
1ce982533aa61dcb970d364a88b5efa396148d382b7871b4cc8d8b1681a6aafbSecunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
f8ece62afc884cf65b261b5719c6466a3b7e0223e1c0449f6c96743abbb0c8f1Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
b3114ea884f13655386b965768c93138061980b71da0d1697974b5ab7d19874fSecunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
e83f31d81e61bdd3861c86314dbb06275c27efa9da3e297c59447ee8f2d45c08Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37 and -current to fix security issues.
0fe3a5c29502f07945a64923b1d89ec43de7af314e8be1821be25a414eba2195Ubuntu Security Notice 1509-2 - USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
b1ee2d19edb1e54a769ce1ce1b5a11a33062791df60b43418b7c279fd06fdf69Debian Linux Security Advisory 2514-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
08ed07a52f9fc632f7d8f0aac7a681d5acb3c3af3b1df7538cb4e59ae3d36fa4Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
64a4ec4972f41ff6a4d06d3adcc912079a790b94f2c5fb54f0e5d26dabbe1896Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
0f825cf0c138d26ba45c0a8e993bb9e2046fe3579dca6129ee7ee403dea1e553Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
a4eb4b9de1ce5cbd28ed980c6239c941877de08af4eee9399df2938af61e201bRed Hat Security Advisory 2012-1088-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could bypass same-compartment security wrappers and execute arbitrary code with chrome privileges.
cea61bdad88e780e60f101448dadc4a4dbf7b97d031f7ebf93e805451b42fcdfZero Day Initiative Advisory 12-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. It is possible to remove a child without setting the removed child pointer to NULL, thus leaving it still accessible as a dangling pointer. Subsequent use of this pointer allows for remote code execution.
75a17d05bb1ce9d85c18a44c0f62f0d23ba1f077eab5fccd0a2a8d01acd33897Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
25ad29d41bde009fefb9a337f7247199b62531201b03a95af1937b1f9fca28b3Ubuntu Security Notice 1463-5 - USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obtain pointer grabs under certain conditions. This update fixes the problem. USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem. Various other issues were also addressed.
59ced9782d0d884adbabdccc45bd2f21a57bf35bf61f045b944aa6e782018601Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Various other issues have also been addressed.
1603e02157910f2d331b08402bdd06ee196b6de4cff5207982f9aa86d63b323fUbuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.
861b51dc87677fb2e6108a42e3cff34c27ba457502d7e8c3880ae63e8d320f46Ubuntu Security Notice 1463-3 - USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem.
ba162d66d7529f0e60fc66e5bcb0dabe575b445646108e5bf6adf85ef582fc53This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, this issue occurs when indexing an array using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.
e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972Secunia Security Advisory - SUSE has issued an update for MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, and xulrunner. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
114cf73dc41a6de9c80b49546871a88d3f7916bb986f313df2c81ef9940b69eaSecunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
1b3e72883c2f6a897172f1545e6513ce1e398d79aaf201099404486767487f54
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed