Highly critical

Pale Moon Use-After-Free and Security Bypass Vulnerabilities


Release Date:  2012-07-19    Views:  4,860

Secunia Advisory SA49981


Description


Two vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.



Subject: Pale Moon Use-After-Free and Security Bypass Vulnerabilities

howiem9999 RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Member 30th Aug, 2012 01:18
Score: 2
Posts: 31
User Since: 8th Dec 2008
System Score: 100%
Location: TH
Last edited on 30th Aug, 2012 01:18
PSI3 latest version is trying to autodownload and install Pale Moon 12.3, but it appears to be stuck and not updating anything. Perhaps that is because the latest version of Pale Moon is 15.0.

--
howiem
Anthony Wells RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Expert Contributor 30th Aug, 2012 14:56
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 30th Aug, 2012 15:09
Hi,

As support have not responded and according to the Pale Moon Release notes version 12 is "discontinued" and version 15 includes "security fixes":

http://www.palemoon.org/releasenotes-ng.shtml

plus, Secunia are loath to update across platforms when "both are supported and/or secure". I would suggest you contact support@secunia.com direct by email and advise them of this detection problem.

EDIT: Do you 1) have version 15 loaded and detected by the PSI and/or 2) also have an old file of 12 that the PSI is reacting to??

Which version of the PSI are you using??

Take care

Anthony



--


It always seems impossible until it's done.
Nelson Mandela
howiem9999 RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Member 30th Aug, 2012 21:09
Score: 2
Posts: 31
User Since: 8th Dec 2008
System Score: 100%
Location: TH
Hi Anthony,
I am using PSI 3.0.0.3001 which I downloaded and installed on 27 July 2012.
You are right, I did have a second installation on my C drive (V. 12) which I just uninstalled after seeing your note. However, I ran a new scan with PSI and it is still detecting version 12 on my D drive even though I had installed version 15. One strange thing was that although properties initially showed version 15, after I removed version 12 from the C drive, the D drive installation began showing version 12.x. I finally removed Pale Moon completely and did a cleanup and PSI no longer detects it.

Thanks for the quick response.

--
howiem