CERT-In Vulnerability Note CIVN-2010-31
Multiple Memory Corruption Vulnerabilities in Mozilla Products
Original Issue Date: February 24, 2010
Severity Rating: High
System Affected
- Mozilla Firefox versions 3.5.x prior to 3.5.8
- Mozilla Firefox versions prior to 3.6
- Mozilla Firefox versions 3.0.x prior to 3.0.18
- Mozilla SeaMonkey versions prior to 2.0.3
- Mozilla Thunderbird versions prior to 3.0.2
Description
Multiple memory corruption vulnerabilities exist in the JavaScript and browser engines of Mozilla Firefox, SeaMonkey and Thunderbird when parsing malformed data. A remote attacker could exploit these vulnerabilities via a specially crafted web page to trigger a memory corruption error. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition.
Workaround
- Disable JavaScript until a version containing these fixes can be installed.
Solution
Upgrade to Mozilla Firefox version 3.6, 3.5.8 or 3.0.18 or later
http://www.mozilla.com/firefox/
Upgrade to Mozilla SeaMonkey version 2.0.3
http://www.mozilla.org/projects/seamonkey/
Upgrade to Mozilla Thunderbird version 3.0.2
http://www.mozilla.com/thunderbird
Vendor Information
Mozilla
http://www.mozilla.com/en-US/
References
Mozilla
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
Bugzilla
https://bugzilla.mozilla.org/buglist.cgi?bug_id=534082,501934,528300,528134,527567,467005,530880
Secunia
http://secunia.com/advisories/37242/
SecurityFocus
http://www.securityfocus.com/bid/38286
VUPEN
http://www.vupen.com/english/advisories/2010/0405
CVE Name
CVE-2010-0159
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
