Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
#FIREFOX ESR 17 CODE#
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. There are several vulnerabilities identified in the application.
#FIREFOX ESR 17 UPGRADE#
(CVE-2013-1697) Solution Upgrade to Firefox 17.0.7 ESR or later.Mozilla Firefox is a cross platform web browser. (CVE-2013-1694) - An error exists related to the 'toString' and 'valueOf' methods that could allow 'XrayWrappers' to be bypassed. (CVE-2013-1693) - An error exists related to 'PreserveWrapper' and the 'preserved-wrapper' flag that could cause potentially exploitable application crashes.
(CVE-2013-1692) - An error related to the processing of SVG content could allow a timing attack to disclose information across domains. (CVE-2013-1690) - The application sends data in the body of XMLHttpRequest (XHR) HEAD requests and could aid in cross-site request forgery attacks.
(CVE-2013-1687) - An error related to 'onreadystatechange' and unmapped memory could cause application crashes and allow arbitrary code execution. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686) - An error exists related to 'XBL scope', 'System Only Wrappers' (SOW) and chrome-privileged pages that could allow cross-site scripting attacks. (CVE-2013-1682) - Heap-use-after-free errors exist related to 'LookupMediaElementURITable', 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'. Description The installed version of Firefox ESR 17.x is earlier than 17.0.7, and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist.
#FIREFOX ESR 17 WINDOWS#
Synopsis The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.
0 kommentar(er)
