Mailinglist Archive: opensuse-bugs (3547 mails)
[Bug 720264] VUL-0: Firefox 7 / 3.6.23 and other Mozilla apps
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Wed, 28 Sep 2011 11:44:11 +0000
- Message-id: <20110928114411.A6187245524@molor.provo.novell.com>
--- Comment #8 from Marcus Meissner <meissner@xxxxxxxx> 2011-09-28 11:44:10 UTC
Michael Jordon of Context IS reported that in the ANGLE library used by WebGL
the return value from GrowAtomTable() was not checked for errors. If an
attacker could cause requests that exceeded the available memory those would
fail and potentially lead to a buffer overrun as subsequent code wrote into the
non-allocated space. (CVE-2011-3002)

Ben Hawkes of the Google Security Team reported a WebGL test case that
demonstrated an out of bounds write after an allocation failed. (CVE-2011-3003)

Security researcher Aki Helin reported a potentially exploitable crash in the

David Rees reported that the JSSubScriptLoader (a feature used by some add-ons)
was "unwrapping" XPCNativeWrappers when they were used as the scope parameter
to loadSubScript(). Without the protection of the wrappers the add-on could be
vulnerable to privilege escalation attacks from malicious web content. Whether
any given add-on were vulnerable would depend on how the add-on used the
feature and whether it interacted directly with web content, but we did find at
least one vulnerable add-on and presume there are more. (CVE-2011-3004)

The unwrapping behavior was a change introduced during Firefox 4 development.
Firefox 3.6 and earlier versions are not affected.

sczimmer reported that Firefox crashed when loading a particular .ogg file.
This was due to a use-after-free condition and could potentially be exploited
to install malware. (CVE-2011-3005)

This vulnerability does not affect Firefox 3.6 or earlier.

University of California, Davis researchers Liang Cai and Hao Chen presented a
paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device
motion data on mobile devices. Web pages can now receive data similar to the
apps studied in that paper and likely present a similar risk. We have decided
to limit motion data events to the currently-active tab to prevent the
possibility of background tabs attempting to decipher keystrokes the user is
entering into the foreground tab.
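
The bug class described for CVE-2011-3002 (a table-growing call whose failure result is ignored before the next write), shown beside a checked form. This is an added example, not ANGLE's code and not part of the original comment. Table, grow_table, set_entry_unchecked, set_entry and DEMO_LIMIT are hypothetical names, and DEMO_LIMIT is a constructed cap that stands in for running out of memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical table for illustration; not ANGLE's real data structure. */
typedef struct { int *map; size_t size; } Table;

#define DEMO_LIMIT 1024u /* constructed cap standing in for memory exhaustion */

/* Grow the table to hold at least `want` entries.
   Returns 0 on success, -1 on failure; on failure the table is unchanged. */
int grow_table(Table *t, size_t want)
{
    if (want <= t->size)
        return 0;
    if (want > DEMO_LIMIT || want > SIZE_MAX / sizeof *t->map)
        return -1;
    int *p = realloc(t->map, want * sizeof *t->map);
    if (p == NULL)
        return -1;
    memset(p + t->size, 0, (want - t->size) * sizeof *p); /* zero new slots */
    t->map = p;
    t->size = want;
    return 0;
}

/* Flawed pattern: the result of the grow call is dropped, so after a failed
   grow the store lands past the end of the old, smaller buffer. */
void set_entry_unchecked(Table *t, size_t idx, int val)
{
    if (idx >= t->size)
        grow_table(t, idx + 1); /* return value ignored */
    t->map[idx] = val;          /* out of bounds if the grow failed */
}

/* Checked form: propagate the failure and never write to the buffer. */
int set_entry(Table *t, size_t idx, int val)
{
    if (idx == SIZE_MAX)        /* idx + 1 would wrap to 0 */
        return -1;
    if (idx >= t->size && grow_table(t, idx + 1) != 0)
        return -1;
    t->map[idx] = val;
    return 0;
}
```
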