Skip to main content

Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 27 Mar 2008 4291 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Mozilla Firefox and SeaMonkey, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.

1. Due to an error in the handling of "XPCNativeWrappers", which could be exploited by attackers to execute arbitrary code by calling "setTimeout()".

2. Due to input validation errors when handling JavaScript, which could be exploited to execute arbitrary scripting code.

3. Due to memory corruption errors in the layout and JavaScript engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

4. Due to an error when handling certain HTTP "Referer:" headers, which could be exploited to bypass cross-site request forgery filters.

5. Due to an error in the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, which could be exploited by malicious web sites to potentially gain knowledge of sensitive information.

6. Due to improper parsing of the content origin passed from the browser to the Java plugin, which could be exploited by attackers to open socket connections to arbitrary ports on a vulnerable system ("localhost") via the "jar:" protocol.

7. Due to an error when handling XUL popups, which could be exploited by an attacker to spoof form elements such as a login prompt for a site opened in a different tab and steal the user's login credentials for that site.