firefox
Page content
- Author: Miklos Vajna
- Vulnerable: 3.0.6-1solaria1
- Unaffected: 3.0.7-1solaria1
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user’s system.
- Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.
- An error in the garbage collection process when handling a set of cloned XUL DOM elements linked as a parent and child can be exploited to access freed memory and execute arbitrary code.
- An error can be exploited via the “nsIRDFService” interface and a cross-domain redirect to bypass the same-origin policy and read XML data from another domain.
- An error in libpng when handling out-of-memory conditions can be exploited to potentially execute arbitrary code.
- An error when handling invisible control characters included in the location bar can be exploited to spoof a trusted URL.
- Bug Tracker URL: http://bugs.frugalware.org/task/3667
CVEs:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777