Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2009-37
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Multiple Mozilla Firefox security vulnerabilities

  Mozilla Foundation Security Advisory 2009-40

  Mozilla Foundation Security Advisory 2009-39

  Mozilla Foundation Security Advisory 2009-36

  Mozilla Foundation Security Advisory 2009-35

From:MOZILLA
Date:22.07.2009
Subject:Mozilla Foundation Security Advisory 2009-37

Mozilla Foundation Security Advisory 2009-37

Title: Crash and remote code execution using watch and __defineSetter__ on SVG element
Impact: Critical
Announced: July 21, 2009
Reporter: PenPal
Products: Firefox

Fixed in: Firefox 3.5
 Firefox 3.0.12
Description

Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer.
Workaround

Disable JavaScript until a version containing these fixes can be installed.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=488995
   * CVE-2009-2469

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server