Impact
Remote code execution
Solution
Please install the updated packages.
Insight
Various Mozilla suite components, including Firefox, were updated to fix various bugs and security issues.
Mozilla Firefox was updated to version 3.6.12.
On SUSE Linux Enterprise 10 Service Pack 3, Mozilla Firefox was updated to version 3.5.15.
Mozilla Seamonkey on openSUSE was updated to 2.0.10.
Mozilla Thunderbird on openSUSE was updated to 3.0.10.
Mozilla XULRunner 1.9.2 was updated to 1.9.2.12.
Mozilla XULRunner 1.9.1 was updated to 1.9.1.15.
Mozilla NSS was updated to 3.12.8.
Mozilla NSPR was updated to 4.8.6.
Those updates have been released over the last week, up to last Friday.
The following security issues were fixed:
MFSA 2010-64:
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.
* Memory safety bugs - Firefox 3.6, Firefox 3.5
* CVE-2010-3176
Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only.
* Memory safety bugs - Firefox 3.6
* CVE-2010-3175
CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer.
CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system, it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.
CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a prev ...
Description truncated, for more information please check the Reference URL
Affected
MozillaFirefox, seamonkey, MozillaThunderbird on openSUSE 11.1, openSUSE 11.2
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C