
Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Last Update Date: 18 Aug 2011 12:01

Release Date: 18 Aug 2011

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.

 

Firefox 3.6.x/Thunderbird 3.1.x:

  1. Some unspecified errors can be exploited to corrupt memory.
  2. An error exists within the "SVGTextElement.getCharNumAtPosition()" function.
  3. An error within the event management code can be exploited to execute arbitrary JavaScript with chrome privileges.
  4. A use-after-free error exists within the handling of the appendChild object.
  5. An error when dropping a tab element in content areas can be exploited to execute arbitrary code with chrome privileges.
  6. An error within the "ThinkPadSensor::Startup()" function loads libraries in an insecure manner and can be exploited to load arbitrary libraries.
  7. An error when handling the "RegExp.input()" function can be exploited to read data from other domains.

Firefox 5.x/Thunderbird 5.x:

  1. Some unspecified errors can be exploited to corrupt memory.
  2. An error in the handling of JAR file permissions can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site.
    NOTE: This vulnerability does not affect Mozilla Thunderbird.
  3. An error within WebGL can be exploited to cause a buffer overflow via an overly long shader string.
  4. An error within WebGL's ANGLE library can be exploited to cause a heap-based buffer overflow.
  5. A use-after-free error exists within the "SVGTextElement.getCharNumAtPosition()" function.
  6. An error within Content Security Policy can lead to proxy authorization credentials being leaked or hosts being resolved incorrectly.
    NOTE: This vulnerability does not affect Mozilla Thunderbird.
  7. An error within Windows D2D hardware acceleration can be exploited to bypass the same-origin policy and read data from a different domain.