Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Mozilla Firefox / Thunderbird Multiple Vulnerabilities

-

Release Date:  2012-10-10    Last Update:  2012-10-24    Views:  3,366

Secunia Advisory SA50856

Where:

From remote

Impact:

Security Bypass, Cross Site Scripting, Spoofing, System access

Solution Status:

Unpatched

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) Several unspecified errors in the browser engine can be exploited to corrupt memory.

2) An error when handling the "<select>" dropdown menu can be exploited to display arbitrary content while showing the URL of another site.

3) An error when handling the "document.domain" properly can be exploited to bypass the same origin policy and e.g. execute script code in the context of another domain.

4) Some errors can be exploited to bypass checks for the DOMWindowUtils class and call restricted methods.

5) An error when transitioning into Reader Mode does not properly sanitise content and can be exploited to conduct cross-site scripting attacks.

Note: This vulnerability only affects Firefox for Android.

6) A use-after-free error exists when invoking full screen mode and navigating backwards in history.

7) An invalid cast error exists when using the instanceof operator on certain JavaScript objects.

8) An error when invoking the "GetProperty()" function via JSAPI can be exploited to bypass certain checks and execute arbitrary code.

9) An error when handling the "location" property via binary plugins can be exploited to conduct cross-site scripting attacks.

10) An error within Chrome Object Wrapper (COW) when handling the "InstallTrigger" object can be exploited to access certain privileged functions and properties.

11) An error when handling the "location.hash" property and history navigation can be exploited to e.g. display an arbitrary site or execute arbitrary script code.

12) An out-of-bounds read error exists within the "IsCSSWordSpacingSpace()" function.

13) A use-after-free error exists within the "nsHTMLCSSUtils::CreateCSSPropertyTxn()" function.

14) An error within the "nsHTMLEditor::IsPrevCharInNodeWhitespace()" function can be exploited to cause a heap-based buffer overflow.

15) A use-after-free error exists within the "nsSMILAnimationController::DoSample()" function.

16) A use-after-free error exists within the "nsTextEditRules::WillInsert()" function.

17) A use-after-free error exists within the "DOMSVGTests::GetRequiredFeatures()" function.

18) An error within the "nsCharTraits::length()" function can be exploited to cause a buffer overflow.

19) An error within the "nsWaveReader::DecodeAudioData()" function can be exploited to cause a heap-based buffer overflow.

20) An error within the "insPos" property can be exploited to corrupt memory.

21) An error within the "Convolve3x3()" function can be exploited to cause a heap-based buffer overflow.

22) A use-after-free error exists within the "nsIContent::GetNameSpaceID()" function.


Solution:
Upgrade to version 16.

Provided and/or discovered by:
The vendor credits:
1) Henrik Skupin, Jesse Ruderman, moz_bug_r_a4, Christian Holler, and Jesse Ruderman.
2) David Bloom, Cue
3) Collin Jackson
4) Johnny Stenback
5) Warren He
6) Soroush Dalili
7) Ms2ger
8) Alice White
9, 10, 11) Mariusz Mlynski
12 - 17) Abhishek Arya (Inferno), Google Chrome Security Team
18 - 21) Atte Kettunen, OUSPG
22) miaubiz

Original Advisory:
Mozilla:
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-78.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-80.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-87.html

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Mozilla Firefox / Thunderbird Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability