https://bugzilla.novell.com/show_bug.cgi?id=894370
https://bugzilla.novell.com/show_bug.cgi?id=894370#c5
--- Comment #5 from Marcus Meissner 2014-09-03 08:20:12 UTC ---
MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via
TippingPoint's Zero Day Initiative, a use-after-free during text layout when
interacting with the setting of text direction. This results in a
use-after-free which can lead to arbitrary code execution.

ANDROID only:
MFSA 2014-71 / CVE-2014-1566: Security researcher Yu Dongsong reported on
Firefox for Android that a file: protocol hyperlink could link to a local file
in the Firefox profile directory, bypassing access restrictions. This issue was
previously addressed in Mozilla Foundation Security Advisory 2014-33 but not
completely.
This problem allows for profile data, such as cookies, to be copied to the SD
card without prompting the user. This SD card location is world readable
leading to a potential information disclosure of files in the Firefox profile
through a malicious application.

MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek discovered
an out-of-bounds read during the creation of an audio timeline in Web Audio.
This results in a crash and could allow for the reading of random memory
values.

MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal Zalewski
discovered that when a malformatted GIF image is rendered in certain
circumstances, memory is not properly initialized before use. The resulting
image then uses this memory during rendering. This could allow for a script
in web content to access this uninitialized memory using the <canvas> feature.

MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya (Inferno) of
the Google Chrome Security Team used the Address Sanitizer tool to discover a
use-after-free during cycle collection. This was found in interactions with the
SVG content through the document object model (DOM) with animating SVG content.
This leads to a potentially exploitable crash.

MFSA 2014-67: Mozilla developers and community identified and fixed several
memory safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7,
ESR 31 and Firefox 31. (CVE-2014-1562)

Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong,
Jesse Ruderman, and JW Wang reported memory safety problems and crashes that
affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553)

Gary Kwong, Christian Holler, and David Weir reported memory safety problems
and crashes that affect Firefox 31. (CVE-2014-1554)