|Secunia||Mozilla Firefox / Thunderbird Multiple Vulnerabilities|
|30th Jul, 2014 20:13|
User Since: -
System Score: -
Location: Copenhagen, DK
Some vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) Some unspecified errors can be exploited to cause memory corruption.
2) Some other unspecified errors can be exploited to cause memory corruption.
3) An error when buffering Web Audio for playback can be exploited to cause a heap-based buffer overflow.
4) A use-after-free error related to ordering of control messages for Web Audio can be exploited to cause memory corruption.
5) A use-after-free error in DirectWrite when rendering MathML content can be exploited to cause memory corruption.
6) A use-after-free error when handling the FireOnStateChange event can be exploited to cause memory corruption.
8) The application bundles a vulnerable version of the Network Security Services (NSS) library.
For more information:
9) A use-after-free error when handling certain image data while performing scaling operations in the Skia library can be exploited to cause memory corruption.
Successful exploitation of vulnerabilities #1 through #9 may allow execution of arbitrary code.
10) An error related to iframe elements when handling network redirects can be exploited to bypass iframe sandboxing restrictions.
NOTE: Additionally, this fixes a weakness, which can be exploited to manipulate certain icons within the UI.
The vulnerabilities are reported in versions prior to 31.0.
|Ih4VzjBEESIySb8f||RE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities|
|30th Jul, 2014 20:13|
User Since: 9th Dec 2011
System Score: N/A
Last edited on 30th Jul, 2014 20:13
You state that Thunderbird will be upgraded to version 25.7.0. I am running the most recent version which is 31.0. Which is correct?
|taffy078||RE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities|
|31st Jul, 2014 09:16|
User Since: 26th Feb 2009
System Score: 100%
This section is used by Secunia to announce issues. It is not normally used for discussions.
May I suggest that you repost your reply as a new thread in the PSI section. You might also want to read this thread there:
taffy078, West Yorkshire, UK
HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from Win7