Peaches
Posted February 5, 2009

Mozilla Firefox Multiple Vulnerabilities

Secunia Advisory: SA33799
Release Date: 2009-02-04
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x
CVE reference: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358

Description:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.

1) Multiple errors in the layout engine can be exploited to cause memory corruptions and potentially execute arbitrary code.
2) Multiple errors in the Javascript engine can be exploited to cause memory corruptions and potentially execute arbitrary code.
3) A chrome XBL method can be used in combination with "window.eval" to execute arbitrary Javascript code in the context of another web site.

Solution:
Update to version 3.0.6.

Secunia Advisories for full details - http://secunia.com/advisories/33799/

Peaches
Posted February 5, 2009

4 February 2009, 10:36

Firefox 3.0.6 fixes vulnerabilities

Firefox 3.0.6 has been released, fixing several vulnerabilities in the open source browser. Version 3.0.6 fixes six bugs, one of which is an issue related to JavaScript that affects the browser's layout engine. The update fixes a critical vulnerability, also found in Mozilla's Thunderbird e-mail client and the SeaMonkey Internet Suite, which can allow an attacker to gain access to exploited machines.

The update improves stability and improves scripting commands, including those found in popular extensions like Adblock Plus. For privacy, the client user ID has now been removed from the crash reports.

Firefox 3.0.6 is available to download, or Firefox users can use the Firefox update service by selecting Help, then Check For Updates.

See also: Firefox 3.0.5 fixes three critical vulnerabilities, a heise online UK report. (crve)

Heise security: http://www.heise-online.co.uk/security/Fir...s--/news/112555