
Forum Thread: Pale Moon Use-After-Free and Security Bypass Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Pale Moon Use-After-Free and Security Bypass Vulnerabilities

Secunia Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Secunia Official 30th Aug, 2012 01:18
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Two vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

For more information see vulnerabilities #7 and #9 in:
SA49366

The vulnerabilities are reported in version 12.2.1. Prior versions may also be affected.

howiem9999 RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Member 30th Aug, 2012 01:18
Score: 2
Posts: 31
User Since: 8th Dec 2008
System Score: 100%
Location: TH
Last edited on 30th Aug, 2012 01:18
PSI3 latest version is trying to autodownload and install Pale Moon 12.3, but it appears to be stuck and not updating anything. Perhaps that is because the latest version of Pale Moon is 15.0.

--
howiem
howiem9999 RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Member 30th Aug, 2012 01:47
Score: 2
Posts: 31
User Since: 8th Dec 2008
System Score: 100%
Location: TH
Last edited on 30th Aug, 2012 01:47
PSI3 latest version is trying to autodownload and install Pale Moon 12.3, but it appears to be stuck and not updating anything. Perhaps that is because the latest version of Pale Moon is 15.0.

--
howiem
Anthony Wells RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Expert Contributor 30th Aug, 2012 14:56
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 30th Aug, 2012 15:09
Hi,

As support have not responded and according to the Pale Moon Release notes version 12 is "discontinued" and version 15 includes "security fixes":

http://www.palemoon.org/releasenotes-ng.shtml

plus, Secunia are loath to update across platforms when both are supported and/or secure. I would suggest you contact support@secunia.com direct by email and advise them of this detection problem.

EDIT: Do you 1) have version 15 loaded and detected by the PSI and/or 2) also have an old file of 12 that the PSI is reacting to??

Which version of the PSI are you using??

Take care

Anthony

--
It always seems impossible until it's done.
Nelson Mandela
howiem9999 RE: Pale Moon Use-After-Free and Security Bypass Vulnerabilities
Member 30th Aug, 2012 21:09
Score: 2
Posts: 31
User Since: 8th Dec 2008
System Score: 100%
Location: TH
Hi Anthony,
I am using PSI 3.0.0.3001 which I downloaded and installed on 27 July 2012.
You are right, I did have a second installation on my C drive (V. 12) which I just uninstalled after seeing your note. However, I ran a new scan with PSI and it is still detecting version 12 on my D drive even though I had installed version 15. One strange thing was that although properties initially showed version 15, after I removed version 12 from the C drive, the D drive installation began showing version 12.x. I finally removed Pale Moon completely and did a cleanup and PSI no longer detects it.

Thanks for the quick response.

--
howiem