CERT-In Vulnerability Note CIVN-2009-59
Mozilla Firefox "nsTextFrame::ClearTextRun()" Memory Corruption Vulnerability
Original Issue Date: April 30, 2009
Severity Rating: High
Systems Affected
- Mozilla Firefox Version 3.0.9
Overview
A vulnerability has been reported in Mozilla Firefox that could allow a remote attacker to execute arbitrary code, cause a denial of service, or potentially compromise an affected system.
Description
This vulnerability is caused by an error when calling the "nsTextFrame::ClearTextRun()" function in Mozilla Firefox. A remote attacker could exploit this vulnerability by tricking a user into visiting a specially crafted HTML page that triggers a memory corruption error. Successful exploitation of this vulnerability could allow arbitrary code execution, cause a denial of service condition, or compromise an affected system.
Solution
Update to Mozilla Firefox version 3.0.10
http://www.mozilla.org/projects/firefox/
Vendor Information
Mozilla
http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
References
Mozilla
http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
Bugzilla
https://bugzilla.mozilla.org/show_bug.cgi?id=489647
Secunia
http://secunia.com/advisories/34866/
SecurityFocus
http://www.securityfocus.com/bid/34743
SecurityTracker
http://www.securitytracker.com/alerts/2009/Apr/1022126.html
VUPEN
http://www.vupen.com/english/advisories/2009/1180
CVE Name
CVE-2009-1313
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
