August 29, 2014

Mozilla Releases Another New Version of Firefox to Fix Yet Another Critical Vulnerability

(LiveHacking.Com) – Less then 7 days after the release of Firefox 10.0.1, Mozilla has now released a new version of Firefox (10.0.2) and Thunderbird (also 10.0.2) to fix a Critical libpng integer overflow vulnerability. The bug, which affects Firefox, Thunderbird, SeaMonkey, is an integer overflow in the libpng library that can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable.

The presence of the bug first came to light when Google released Chrome 17.0.963.56 to fix the integer overflow in libpng where it was noted that the bug allows remote attackers to cause a denial of service. According to the Chromium source code the fix includes a check for both truncation (64-bit platforms) and integer overflow.

Also fixed in 10.0.2 is a bug where Java applets sometimes caused text input to become unresponsive (bug 718939).

Mozilla Fixes Critical Vulnerability in Firefox and Thunderbird

(LiveHacking.Com) – Mozilla has released new versions of Firefox and Thunderbird to fix a “use after free” crash which is potentially exploitable. According to the security advisory Mozilla developers Andrew McCreight and Olli Pettay found that the ReadPrototypeBindings code leaves a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.

The Mozilla Foundation said Firefox 9 and earlier browser versions are not affected by this vulnerability.

Multiple Unspecified Vulnerabilities in Mozilla Firefox, Thunderbird and SeaMonkey

Mozilla Firefox, Thunderbird and SeaMonkey are vulnerable to multiple unspecified security issues. The vulnerabilities occur in the operating system (OS) font code. No further information is available about these issues.

New versions of Firefox, Thunderbird and SeaMonkey are available to address these issues.

These issues are fixed in the following versions:

  • Firefox 3.6.13
  • Firefox 3.5.16
  • Thunderbird 3.0.11
  • Thunderbird 3.1.7
  • SeaMonkey 2.0.11