Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability

Source: Internet
Author: User
Tags mozilla thunderbird seamonkey cve

Release date:
Updated on:

Affected Systems:
Mozilla Firefox 3.5.11-3.6.10
Mozilla Thunderbird 3.0-3.1.5
Mozilla SeaMonkey 2.0.1-2.0.10
Unaffected system:
Mozilla Firefox 3.6.13
Mozilla Firefox 3.5.16
Mozilla Thunderbird 3.1.7
Mozilla Thunderbird 3.0.11
Mozilla SeaMonkey 2.0.11
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45348, 45348, 45351
Cve id: CVE-2010-3769, CVE-2010-3766, CVE-2010-3767, CVE-2010-3768, CVE-2010-3769, CVE-2010-3770, CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-3774, CVE-2010-3775

Firefox is a very popular open-source WEB browser. Thunderbird is a mail client that supports IMAP, POP protocol, and HTML format. SeaMonkey is an open-source Web browser, mail and newsgroup client, IRC session client, and HTML editor.

Mozilla Firefox, Thunderbird, and SeaMonkey vulnerabilities allow attackers to execute cross-site scripting and spoofing attacks in affected applications, bypass certain security restrictions, and control user systems.

This vulnerability originated from
1) multiple errors in the browser engine can cause memory corruption and arbitrary code execution;
2) when processing a line change, the string passed to "document. write ()" is too long, which may cause reading data from the out-of-bounds memory location and executing arbitrary code.
3) an error occurs when you use "window. open ()" to open a new window. As a result, the "<isindex>" element is used to execute arbitrary JavaScript code with chrome permissions.
4) When an error occurs while processing the <treechildren> <div> element nested in the XUL Tree, the memory is corrupted and arbitrary code is executed.
5) when loading through the "data:" URL, an error occurs in Java LiveConnect, resulting in reading arbitrary files, starting arbitrary processes, and establishing network links.
6) An error occurred while handling the "nsDOMAttribute" node, causing memory corruption and arbitrary code execution.
7) the integer overflow vulnerability exists during array creation, causing memory corruption and arbitrary code execution.
8) XMLHttpRequestSpy object errors, resulting in JavaScript code execution.
9) an error occurs when processing documents without a solid Source Association. As a result, the same-origin policy is bypassed, the URL of the trusted site is changed, and the user is deceived to access the open site. The following error occurs: about: config or about: neterror page.
10) when processing Mac character set encoding, an error occurs in the presentation engine, resulting in arbitrary JavaScript code execution on the target website;


<* Source: Dirk Heinrich
Jesee Ruderman
Andreas Gal (http://www.andreasgal.com /)
Nils
Echo
Wooshi@gmail.com (wushi)
Yosuke Hasegawa

Link: http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-76.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-77.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-79.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-80.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-81.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-82.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-84.html
Http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.mozilla.org/

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.