Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Mandrake/Mandriva :: bx6141.htm

firefox



firefox
firefox




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:070
http://www.mandriva.com/security/ 
 _______________________________________________________________________

 Package : firefox
 Date    : April 13, 2010
 Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Security issues were identified and fixed in firefox:
 
 Security researcher regenrecht reported (via TippingPoint's Zero Day
 Initiative) a potential reuse of a deleted image frame in Firefox 3.6's
 handling of multipart/x-mixed-replace images. Although no exploit was
 shown, re-use of freed memory has led to exploitable vulnerabilities
 in the past (CVE-2010-0164).
 
 Mozilla developers identified and fixed several stability bugs in the
 browser engine used in Firefox and other Mozilla-based products. Some
 of these crashes showed evidence of memory corruption under certain
 circumstances and we presume that with enough effort at least some
 of these could be exploited to run arbitrary code (CVE-2010-0165,
 CVE-2010-0167).
 
 Mozilla developer Josh Soref of Nokia reported that documents
 failed to call certain security checks when attempting to preload
 images. Although the image content is not available to the page, it
 is possible to specify protocols that are normally not allowed in a
 web page such as file:. This includes internal schemes implemented
 by add-ons that might perform privileged actions resulting in
 something like a Cross-Site Request Forgery (CSRF) attack against
 the add-on. Potential severity would depend on the add-ons installed
 (CVE-2010-0168).
 
 Mozilla developer Blake Kaplan reported that the window.location object
 was made a normal overridable JavaScript object in the Firefox 3.6
 browser engine (Gecko 1.9.2) because new mechanisms were developed
 to enforce the same-origin policy between windows and frames. This
 object is unfortunately also used by some plugins to determine the page
 origin used for access restrictions. A malicious page could override
 this object to fool a plugin into granting access to data on another
 site or the local file system. The behavior of older Firefox versions
 has been restored (CVE-2010-0170).
 
 Mozilla developer Justin Dolske reported that the new asynchronous
 Authorization Prompt (HTTP username and password) was not always
 attached to the correct window. Although we have not demonstrated
 this, it may be possible for a malicious page to convince a user
 to open a new tab or popup to a trusted service and then have the
 HTTP authorization prompt from the malicious page appear to be the
 login prompt for the trusted page. This potential attack is greatly
 mitigated by the fact that very few web sites use HTTP authorization,
 preferring instead to use web forms and cookies (CVE-2010-0172).
 
 Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows
 remote attackers to cause a denial of service (memory corruption and
 application crash) and possibly have unknown other impact via vectors
 that might involve compressed data, a different vulnerability than
 CVE-2010-1028 (CVE-2010-1122).
 
 Mozilla developers identified and fixed several stability bugs in the
 browser engine used in Firefox and other Mozilla-based products. Some
 of these crashes showed evidence of memory corruption under certain
 circumstances, and we presume that with enough effort at least some
 of these could be exploited to run arbitrary code (CVE-2010-0173,
 CVE-2010-0174)
 
 Security researcher regenrecht reported via TippingPoint's Zero Day
 Initiative that a select event handler for XUL tree items could be
 called after the tree item was deleted. This results in the execution
 of previously freed memory which an attacker could use to crash a
 victim's browser and run arbitrary code on the victim's computer
 (CVE-2010-0175).
 
 Security researcher regenrecht reported via TippingPoint's Zero Day
 Initiative an error in the way . In certain cases, the number of references
 to an 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH