Information Security


Multiple security vulnerabilities in Mozilla Firefox
updated since September 10, 2009
Published: September 11, 2009
Source:
SecurityVulns ID: 10231
Type: client
Severity: 7/10
Description: Code execution, memory corruption, address spoofing, silent certificate installation.
Affected products: MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
CVE: CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.)
 CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.)
 CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability.")
 CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.)
 CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Original text: Dan Kaminsky, Firefox <3.0.14 Multiplatform RCE via pkcs11.addmodule (11.09.2009)
 ZDI, ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability (11.09.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-51 (10.09.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-50 (10.09.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-49 (10.09.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-48 (10.09.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-47 (10.09.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod