Old 10-28-2009, 03:55 PM   #1 (permalink)
Registered User
 
Member Since: Dec 2007
Location: In confusion
Posts: 1,596
Firefox hit by multiple drive-by download flaws





Quote:
Firefox hit by multiple drive-by download flaws

Posted by Ryan Naraine @ 7:34 am

* MFSA 2009-64 (Critical) — Crashes with evidence of memory corruption. Four different vulnerabilities were documented. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
* MFSA 2009-63 (Critical) — Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim’s browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues. Three different vulnerabilities were documented.
* MFSA 2009-59 (Critical) — A heap-based buffer overflow in Mozilla’s string to floating point number conversion routines allows an attacker to craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim’s computer.
* MFSA 2009-57 (Critical) — The XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web content, potentially executing malicious JavaScript code with chrome privileges.
* MFSA 2009-56 (Critical) — A heap-based buffer overflow in Mozilla’s GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim’s browser and run arbitrary code on their computer. This flaw does not affect products built on the Gecko 1.8 browser engine such as Thunderbird 2.
* MFSA 2009-54 (Critical) — Recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim’s computer. Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.
__________________
Early bird gets the worm, but the second mouse gets the cheese.
Old 10-28-2009, 04:52 PM   #2 (permalink)
Super Genius
 
Member Since: Feb 2004
Location: St Inigoes, MD
Posts: 10,819
Guess I'll be running the upgrade now instead of waiting for the end of the day...
__________________
It will be of little avail to the people that the laws are made by men of their own choice if the laws be so voluminous that they cannot read, or so incoherent that they cannot be understood; if they be repealed or revised before they are promulgated, or undergo such incessant changes that no man, who knows what the law is today, can guess what it will be tomorrow. Law is defined to be a rule of action; but how can that be a rule, which is little known and less fixed? -James Madison
All times are GMT -4. The time now is 05:35 PM.


