Gentoo Linux Security Advisory 201701-15 - Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and Thunderbird the worst of which could lead to the execution of arbitrary code. Versions less than 45.6.0 are affected.
0bedd3566eb12b4450576ccf6cab5a26e4212a62071909223fd527560cddaa66Ubuntu Security Notice 2458-3 - USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. Various other issues were also addressed.
741324ee8837b8281a71616c36adb2d0af44e5dc3a322ae1f72ca546e720c2e4Ubuntu Security Notice 2458-2 - USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
0e4576dca2a7548be8635513343f1ea1f367d17a4d8b974932e22faa60527fd1Ubuntu Security Notice 2458-1 - Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.
92db72866e344fea97e1912c537fa769148bc62a174db073d8f01c65c07fe937
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed