Firefox 3.6.13 Is Out, 9 Critical Security Advisories Accompany It
The Mozilla-developed Firefox web browser has been updated to version 3.6.13 and all Firefox users out there are well advised to get the update as soon as possible. They can get it in one of three ways:
1 – Wait for the automatic update prompt.
2 – Download Firefox 3.6.13 from Mozilla.com here.
3 – Manually trigger an update by clicking Check for Updates in the Help menu.
Why are Firefox users well advised to get the update? For one simple reason: security. You see, Firefox 3.6.13 is a stability and security update; it is accompanied by a grand total of 11 security advisories, 9 of which carry the critical rating.
Mozilla uses a 4-tier rating system: low, moderate, high, and critical. The critical rating is employed only when a “vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.”
Getting back to the 9 critical security advisories, here are the details Mozilla made public.
MFSA 2010-82
Title: Incomplete fix for CVE-2010-0179
Description: The fix for CVE-2010-0179 could be circumvented, permitting the execution of arbitrary JavaScript with chrome privileges.
Credit: Mozilla security researcher moz_bug_r_a4.
MFSA 2010-81
Title: Integer overflow vulnerability in NewIdArray
Description: An array could be constructed containing a very large number of items such that when memory was allocated to store the array items, the integer value used to calculate the buffer size would overflow resulting in too small a buffer being allocated. Subsequent use of the array object could then result in data being written past the end of the buffer and causing memory corruption.
Credit: Security researcher regenrecht.
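The size-calculation flaw described in MFSA 2010-81, shown next to a checked version, as an added example that is not Mozilla's code. The `IdArray` layout, the function names and the 32-bit size arithmetic are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical layout for illustration (not Mozilla's struct): a length
 * header followed by 32-bit ids. sizeof(IdArray) is 4. */
typedef struct {
    uint32_t length;
    uint32_t items[];
} IdArray;

/* The flawed pattern: the byte count is computed in 32-bit arithmetic and
 * silently wraps modulo 2^32 when count is very large. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return (uint32_t)sizeof(IdArray) + count * (uint32_t)sizeof(uint32_t);
}

/* The hardened pattern: reject any count whose byte size cannot be
 * represented, before multiplying. */
bool checked_alloc_size(uint32_t count, uint32_t *out) {
    const uint32_t header = (uint32_t)sizeof(IdArray);
    const uint32_t elem = (uint32_t)sizeof(uint32_t);
    if (count > (UINT32_MAX - header) / elem)
        return false;
    *out = header + count * elem;
    return true;
}

/* Allocator built on the checked size; returns NULL instead of handing
 * back a buffer smaller than the caller believes it to be. */
IdArray *new_id_array(uint32_t count) {
    uint32_t size;
    if (!checked_alloc_size(count, &size))
        return NULL;
    IdArray *a = calloc(1, size);
    if (a)
        a->length = count;
    return a;
}

int main(void) {
    uint32_t n = 0x40000000u; /* constructed input: 2^30 items */
    printf("unchecked size for %u items: %u bytes\n",
           (unsigned)n, (unsigned)unchecked_alloc_size(n));
    printf("checked allocator returns %s\n",
           new_id_array(n) ? "a buffer" : "NULL");
    return 0;
}
```

With the unchecked calculation, a request for 2^30 items yields a 4-byte allocation, so any later write to `items` lands past the end of the buffer.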
MFSA 2010-80
Title: Use-after-free error with nsDOMAttribute MutationObserver
Description: A nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to an inconsistent state where the iterator points to an object it believes is part of the DOM but actually points to some other object. If such an object had been deleted and its memory reclaimed by the system, then the iterator could be used to call into attacker-controlled memory.
Credit: Security researcher regenrecht.
MFSA 2010-79
Title: Java security bypass from LiveConnect loaded via data: URL meta refresh
Description: When a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read local files, launch processes, and create network connections.
Credit: Security researcher Gregory Fleischer.
MFSA 2010-78
Title: Add support for OTS font sanitizer
Description: Added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several independently reported issues.
Credit: Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl.
MFSA 2010-77
Title: Crash and remote code execution using HTML tags inside a XUL tree
Description: When a XUL tree had an HTML <div> element nested inside a <treechildren> element then code attempting to display content in the XUL tree would incorrectly treat the <div> element as a parent node to tree content underneath it resulting in incorrect indexes being calculated for the child content. These incorrect indexes were used in subsequent array operations which resulted in writing data past the end of an allocated buffer. An attacker could use this issue to crash a victim's browser and run arbitrary code on their machine.
Credit: Security researcher wushi of team509.
MFSA 2010-76
Title: Chrome privilege escalation with window.open and <isindex> element
Description: A web page could open a window with an about:blank location and then inject an <isindex> element into that page which upon submission would redirect to a chrome: document. The effect of this defect was that the original page would wind up with a reference to a chrome-privileged object, the opened window, which could be leveraged for privilege escalation attacks.
Credit: Security researcher echo and Mozilla security researcher moz_bug_r_a4.
MFSA 2010-75
Title: Buffer overflow while line breaking after document.write with long string
Description: On Windows platforms when document.write() was called with a very long string a buffer overflow was caused in line breaking routines attempting to process the string for display. Such cases triggered an invalid read past the end of an array causing a crash which an attacker could potentially use to run arbitrary code on a victim's computer.
Credit: Dirk Heinrich.
MFSA 2010-74
Title: Miscellaneous memory safety hazards
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances. With enough effort at least some of these could be exploited to run arbitrary code.
Credit: Jesse Ruderman, Andreas Gal, Nils, Igor Bukanov, and Brian Hackett.
Mozilla also released Firefox 3.5.16 - release notes here, download here. 3.5.16 is a stability and security update that fixes the same security issues 3.6.13 does.
Tags: Mozilla, Firefox, Security, Update