Thursday, September 9, 2010

Security Updates From Mozilla

Mozilla has released security bulletins for vulnerabilities fixed in some of its products. Ten of the fixed vulnerabilities are categorized as critical, two as high, one as moderate and two as low.

Critical:
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-59 SJOW creates scope chains ending in outer object

High:
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type attribute

Moderate:
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

Low:
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-63 Information leak via XMLHttpRequest statusText


Updated versions can be obtained via the built-in updater or by downloading from the product sites:
Firefox
Thunderbird
SeaMonkey
