https://bugzilla.novell.com/show_bug.cgi?id=758408
https://bugzilla.novell.com/show_bug.cgi?id=758408#c11
--- Comment #11 from Marcus Meissner 2012-04-25 18:26:21 UTC ---
MFSA 2012-20: Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.
In general these flaws cannot be exploited through email in the Thunderbird and
SeaMonkey products because scripting is disabled, but are potentially a risk in
browser or browser-like contexts in those products.
Christian Holler reported a memory safety and security problem affecting
Firefox 11. (CVE-2012-0468)
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary
Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay reported
memory safety problems and crashes that affect Firefox ESR and Firefox 11.
(CVE-2012-0467)

MFSA 2012-22 / CVE-2012-0469: Using the Address Sanitizer tool, security
researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in
the XPConnect hashtable instead of being unlinked before being destroyed. When
it is destroyed, this causes a use-after-free, which is potentially
exploitable.

MFSA 2012-23 / CVE-2012-0470: Using the Address Sanitizer tool, security
researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface
which allows for invalid frees and possible remote code execution. This happens
due to float error, resulting from graphics values being passed through
different number systems.

MFSA 2012-24 / CVE-2012-0471: Anne van Kesteren of Opera Software found a
multi-octet encoding issue where certain octets will destroy the following
octets in the processing of some multibyte character sets. This can leave users
vulnerable to cross-site scripting (XSS) attacks on maliciously crafted web
pages.

MFSA 2012-25 / CVE-2012-0472: Security research firm iDefense reported that
researcher wushi of team509 discovered a memory corruption on Windows Vista and
Windows 7 systems with hardware acceleration disabled or using incompatible
video drivers. This is created by using cairo-dwrite to attempt to render fonts
on an unsupported code path. This corruption causes a potentially exploitable
crash on affected systems.

MFSA 2012-26 / CVE-2012-0473: Mozilla community member Matias Juntunen
discovered an error in WebGLBuffer where FindMaxElementInSubArray receives
wrong template arguments from FindMaxUshortElement. This bug causes maximum
index to be computed incorrectly within WebGL.drawElements, allowing the
reading of illegal video memory.

MFSA 2012-27 / CVE-2012-0474: Security researchers Jordi Chancel and Eddy Bordi
reported that they could short-circuit page loads to show the address of a
different site than what is loaded in the window in the addressbar. Security
researcher Chris McGowen independently reported the same flaw, and further
demonstrated that this could lead to loading scripts from the attacker's site,
leaving users vulnerable to cross-site scripting (XSS) attacks.

MFSA 2012-28 / CVE-2012-0475: Security researcher Simone Fabiano reported that
if a cross-site XHR or WebSocket is opened on a web server on a non-standard
port for web traffic while using an IPv6 address, the browser will send an
ambiguous origin header if the IPv6 address contains at least 2 consecutive
16-bit fields of zeroes. If there is an origin access control list that uses
IPv6 literals, this issue could be used to bypass these access controls on the
server.

MFSA 2012-29 / CVE-2012-0477: Security researcher Masato Kinugawa found that
during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters
near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On
certain pages it might be possible for an attacker to pad the output of the
page such that these errors fall in the right place to affect the structure of
the page, allowing for cross-site script (XSS) injection.

MFSA 2012-30 / CVE-2012-0478: Mozilla community member Ms2ger found an image
rendering issue with WebGL when texImage2D uses JSVAL_TO_OBJECT on
arbitrary objects. This can lead to a crash on a maliciously crafted web page.
While there is no evidence that this is directly exploitable, there is a
possibility of remote code execution.

MFSA 2012-31 / CVE-2011-3062: Mateusz Jurczyk of the Google Security Team
discovered an off-by-one error in the OpenType Sanitizer using the Address
Sanitizer tool. This can lead to an out-of-bounds read and execution of an
uninitialized function pointer during parsing and possible remote code
execution.

MFSA 2012-32 / CVE-2011-1187: Security researcher Daniel Divricean reported
that a defect in the error handling of javascript errors can leak the file
names and location of javascript files on a server, leading to inadvertent
information disclosure and a vector for further attacks.

MFSA 2012-33 / CVE-2012-0479: Security researcher Jeroen van der Gun reported
that if RSS or Atom XML invalid content is loaded over HTTPS, the addressbar
updates to display the new location of the loaded resource, including SSL
indicators, while the main window still displays the previously loaded content.
This allows for phishing attacks where a malicious page can spoof the identity
of another seemingly secure site.
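A server-side origin check of the kind MFSA 2012-28 (CVE-2012-0475) concerns, written here as an added example that is not part of the bug report or of Mozilla's code: it canonicalizes any IPv6 literal in an Origin header before comparing it with an allow-list, so that different textual spellings of one address match and an unparseable or ambiguous literal is rejected rather than matched loosely. The allow-list entries and origins are constructed sample values.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list: origins permitted to make cross-site XHR/WebSocket
# requests to this server. Entries may use any valid IPv6 spelling.
ALLOWED_ORIGINS = [
    "http://[2001:db8::1]:8080",
    "https://[2001:db8:0:0:1::2]",
]

DEFAULT_PORTS = {"http": 80, "ws": 80, "https": 443, "wss": 443}


def canonical_origin(origin: str) -> Optional[str]:
    """Return 'scheme://host:port' with an IPv6 literal in RFC 5952 compressed
    form and an explicit port, or None if the value is not an unambiguous
    origin (bad scheme, path present, unparseable host or port)."""
    try:
        parts = urlsplit(origin)
    except ValueError:  # e.g. unbalanced or invalid bracketed host
        return None
    if parts.scheme not in DEFAULT_PORTS or parts.path or parts.query:
        return None
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        return None
    try:
        port = parts.port  # ValueError for non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.netloc.startswith("["):
        try:
            # Normalizes zero-run compression, leading zeros and case; a
            # literal with two "::" runs does not parse and is rejected.
            host = "[%s]" % ipaddress.IPv6Address(host).compressed
        except ValueError:
            return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return "%s://%s:%d" % (parts.scheme, host, port)


def origin_allowed(origin_header: str, allowed=ALLOWED_ORIGINS) -> bool:
    """Compare the request's Origin header against the allow-list after
    canonicalizing both sides; anything that fails to canonicalize is denied."""
    canon = canonical_origin(origin_header)
    if canon is None:
        return False
    return canon in {canonical_origin(o) for o in allowed}
```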