firefox
Page content
- Vulnerable: 2.0.0.14-1kalgan1
- Unaffected: 2.0.0.15-1kalgan1
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user’s system.
- Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory.
- An error in the handling of unprivileged XUL documents can be exploited to load Chrome scripts from a “fastload” file via “script” elements.
- An error in the “mozIJSSubScriptLoader.LoadScript()” function can be exploited to bypass XPCNativeWrappers and run arbitrary code with Chrome privileges. Successful exploitation requires that an add-on using the affected function is installed.
- An error in the block reflow process can be exploited to cause a crash or potentially execute arbitrary code.
- An error in the processing of file URLs contained within local directory listings can potentially be exploited to execute malicious JavaScript content.
- Multiple errors in the implementation of the JavaScript same origin policy can be exploited to execute arbitrary script code in the context of a different domain.
- Multiple errors in the verification of signed JAR files can be exploited to execute arbitrary JavaScript code with the privileges of the JAR’s signer.
- An error in the implementation of file upload forms can be exploited to upload arbitrary local files to a remote webserver via specially crafted “DOM Range” and “originalTarget” elements.
- An error in the Java LiveConnect implementation on Mac OS X can be exploited to establish arbitrary socket connections.
- An uninitialized memory access in the processing of improperly encoded “.properties” files can potentially be exploited to disclose sensitive memory via an add-on using the malformed file.
- An error in the processing of “Alt Names” provided by “peer” trusted certificates can be exploited to conduct spoofing attacks.
- An error in the processing of Windows URL shortcuts can be exploited to run a remote site as a local file.
- Bug Tracker URL: http://bugs.frugalware.org/task/3202
CVEs:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811