Some vulnerabilities have been reported in Moonlight, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security features, and potentially compromise a user's system.

1) The "RuntimeHelpers.InitializeArray" implementation does not properly restrict the modification of read-only values, which can be exploited to e.g. crash plugins or corrupt the state of the security manager and bypass the Moonlight's sandboxing limitations.

2) A race condition within the implementation of the Array.Copy "FastCopy" call can be exploited to e.g. crash plugins or corrupt the state of the security manager and bypass the Moonlight's sandboxing limitations by modifying read-only values.

3) An error within Moonlight's "DynamicMethod resurrection" implementation can be exploited to trigger a use-after-free condition.

4) An error when freeing unmanaged MonoThread instances can be exploited to e.g. disclose potentially sensitive information.

The vulnerabilities are reported in Moonlight 2.x prior to version 2.4.1.

Solution
Update to Moonlight 2.4.1.
Further details available to Secunia VIM customers

Provided and/or discovered by
The vendor credits Jeroen Frijters.

Original Advisory
http://www.mono-project.com/Vulnerabilities#Moonlight_RuntimeHelpers.InitializeArray_on_non-primitive_value_types
http://www.mono-project.com/Vulnerabilities#Moonlight_Race_in_Array.Copy_.22FastCopy.22_Internal_Call
http://www.mono-project.com/Vulnerabilities#Moonlight_DynamicMethod_Resurrection
http://www.mono-project.com/Vulnerabilities#Moonlight_Improper_Thread_Finalization

Deep Links
Links available to Secunia VIM customers