Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2009-54
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Seamonkey multiple security vulnerabilities

  Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox

  iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

  Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability

  Mozilla Firefox 3.5.3 Local Download Manager Exploit

From:MOZILLA
Date:28.10.2009
Subject:Mozilla Foundation Security Advisory 2009-54

Mozilla Foundation Security Advisory 2009-54

Title: Crash with recursive web-worker calls
Impact: Critical
Announced: October 27, 2009
Reporter: Orlando Berrera
Products: Firefox 3.5

Fixed in: Firefox 3.5.4
Description

Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim's computer.

Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=514554
   * CVE-2009-3371

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server