Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 28.10.2009
Published:05.11.2009
Source:
SecurityVulns ID:10356
Type:remote
Threat Level:
8/10
Description:Buffer ovefflows, privilege escalation, information leak, crossite scripting.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
CVE:CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.)
 CVE-2009-3378 (The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.)
 CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.)
 CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.)
 CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects.")
 CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.)
 CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.)
 CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.)
 CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, possibly related to the Archive Manager component. NOTE: some of these details are obtained from third party information.)
 CVE-2009-1563 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.)
Original documentdocumentdisclosure_(at)_contextis.co.uk, Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox (05.11.2009)
 documentIDEFENSE, iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability (29.10.2009)
 documentSECUNIA, Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability (28.10.2009)
 documentJeremy Brown, Mozilla Firefox 3.5.3 Local Download Manager Exploit (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-64 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-63 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-62 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-61 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-59 (28.10.2009)
 documentMOZILLA, You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-57 Mozilla Foundation Security Advisory 2009-57 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-56 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-55 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-54 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-53 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-52 (28.10.2009)
Files:Mozilla Firefox 3.5.3 Local Download Manager Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod