You are here

V-187: Mozilla Firefox Multiple Vulnerabilities

June 27, 2013 - 6:00am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in Mozilla Firefox

PLATFORM:

Mozilla Firefox 21.x

ABSTRACT:

These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA53970
Secunia Advisory SA53953
Mozilla Advisory mfsa2013-49
Mozilla Advisory mfsa2013-50
Mozilla Advisory mfsa2013-51
Mozilla Advisory mfsa2013-53
Mozilla Advisory mfsa2013-55
Mozilla Advisory mfsa2013-56
Mozilla Advisory mfsa2013-59
CVE-2013-1682
CVE-2013-1683
CVE-2013-1684
CVE-2013-1685
CVE-2013-1686
CVE-2013-1687
CVE-2013-1688
CVE-2013-1690
CVE-2013-1692
CVE-2013-1693
CVE-2013-1694
CVE-2013-1695
CVE-2013-1696
CVE-2013-1697
CVE-2013-1698
CVE-2013-1699
CVE-2013-1700

IMPACT ASSESSMENT:

High

DISCUSSION:

1) An error within Profiler can be exploited to execute arbitrary code.

2) An error when handling a frame element within a sandboxed iframe can be exploited to bypass the intended restrictions.

3) An error when handling the X-Frame-Options header related to the server push in multi-part responses can be exploited to conduct clickjacking attacks.

4) An error when handling the "getUserMedia" permission dialog for an iframe can be exploited to display the origin of the top-level document and conduct spoofing attacks.

5) Some unspecified errors can be exploited to cause memory corruption. No further information is currently available.

IMPACT:

Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
System access

SOLUTION:

Vendor recommends updating to current version

Addthis