Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Mozilla Firefox
Опубликовано:22 июля 2009 г.
Источник:
SecurityVulns ID:10089
Тип:клиент
Уровень опасности:
8/10
Описание:Многочисленные повреждения памяти, межсайтовый доступ, целочисленные переполнения, переполнения буфера.
Затронутые продукты:MOZILLA : Firefox 3.5
CVE:CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.)
 CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass.")
 CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.)
 CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.)
 CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.)
 CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function.)
 CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.)
 CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.)
 CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.)
Оригинальный текстdocumentMOZILLA, Mozilla Foundation Security Advisory 2009-40 (22.07.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-39 (22.07.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-37 (22.07.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-36 (22.07.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-35 (22.07.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-34 (22.07.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-41 (22.07.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород