V-126: Mozilla Firefox Multiple Vulnerabilities

April 4, 2013 - 6:00am

PROBLEM:

Mozilla Firefox Multiple Vulnerabilities

PLATFORM:

The vulnerabilities are reported in versions prior to 20.0

ABSTRACT:

Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA52770
Secunia Advisory SA52293
Mozilla Security Announcement mfsa2013-30
Mozilla Security Announcement mfsa2013-31
Mozilla Security Announcement mfsa2013-32
Mozilla Security Announcement mfsa2013-34
Mozilla Security Announcement mfsa2013-35
Mozilla Security Announcement mfsa2013-36
Mozilla Security Announcement mfsa2013-37
Mozilla Security Announcement mfsa2013-38
Mozilla Security Announcement mfsa2013-39
CVE-2013-0788
CVE-2013-0789
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0797
CVE-2013-0799
CVE-2013-0800

IMPACT ASSESSMENT:

High

DISCUSSION:

1) Some unspecified errors can be exploited to cause memory corruption

2) An unspecified error in the Mozilla Maintenance Service can be exploited to cause a buffer overflow via arbitrary arguments and execute arbitrary code with the privileges of the service

3) An error related to a baseURI of a page within the history can be exploited to spoof the URL displayed in the address bar while displaying a different page and execute script code

IMPACT:

Cross Site Scripting
Spoofing
Privilege escalation
System access

SOLUTION:

The vendor recommends upgrading to version 20.0
