MozillaFirefox: Security update to version 3.0.12

The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues.

MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim's computer.

MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer. The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system.

MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a crash involving an SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer.

MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with an XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome-privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges.

MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive an XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch an XSS attack and run arbitrary JavaScript within the context of another site.