Информационная безопасность
[RU] switch to English

Дополнительная информация

  Многочисленные уязвимости безопасности в Mozilla Firefox / Seamonkey

  ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

  Mozilla Foundation Security Advisory 2010-33

  Mozilla Foundation Security Advisory 2010-32

  Mozilla Foundation Security Advisory 2010-31

Date:25 июня 2010 г.
Subject:Mozilla Foundation Security Advisory 2010-28

Mozilla Foundation Security Advisory 2010-28

Title: Freed object reuse across plugin instances
Impact: Critical
Announced: June 22, 2010
Reporter: Microsoft Vulnerability Research
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.4
 Firefox 3.5.10
 SeaMonkey 2.0.5

Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer.

   * https://bugzilla.mozilla.org/show_bug.cgi?id=532246
   * CVE-2010-1198

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород