Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!
-----BEGIN PGP SIGNED MESSAGE-----
Mandriva Linux Security Advisory MDVSA-2010:042
Package : firefox
Date : February 19, 2010
Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0
Security issues were identified and fixed in firefox 3.0.x and 3.5.x:
Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some
of these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some
of these could be exploited to run arbitrary code (CVE-2010-0159).
Security researcher Orlando Barrera II reported via TippingPoint's Zero
Day Initiative that Mozilla's implementation of Web Workers contained
an error in its handling of array data types when processing posted
messages. This error could be used by an attacker to corrupt heap
memory and crash the browser, potentially running arbitrary code on
a victim's computer (CVE-2010-0160).
Security researcher Alin Rad Pop of Secunia Research reported that
the HTML parser incorrectly freed used memory when insufficient space
was available to process remaining input. Under such circumstances,
memory occupied by in-use objects was freed and could later be filled
with attacker-controlled text. These conditions could result in the
execution or arbitrary code if methods on the freed objects were
subsequently called (CVE-2009-1571).
Security researcher Hidetake Jo of Microsoft Vulnerability Research
reported that the properties set on an object passed to showModalDialog
were readable by the document contained in the dialog, even when
the document was from a different domain. This is a violation of the
same-origin policy and could result in a website running untrusted
by another site. An anonymous security researcher, via TippingPoint's
Zero Day Initiative, also independently reported this issue to Mozilla
Mozilla security researcher Georgi Guninski reported that when a SVG
document which is served with Content-Type: application/octet-stream
is embedded into another document via an
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH