October 25, 2014

Mozilla Releases Another New Version of Firefox to Fix Yet Another Critical Vulnerability

(LiveHacking.Com) – Less than 7 days after the release of Firefox 10.0.1, Mozilla has released new versions of Firefox (10.0.2) and Thunderbird (also 10.0.2) to fix a Critical libpng integer overflow vulnerability. The bug, which affects Firefox, Thunderbird and SeaMonkey, is an integer overflow in the libpng library that can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be exploitable.

The presence of the bug first came to light when Google released Chrome 17.0.963.56 to fix the integer overflow in libpng, where it was noted that the bug allows remote attackers to cause a denial of service. According to the Chromium source code, the fix includes a check for both truncation (64-bit platforms) and integer overflow.
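The two kinds of check named above, sketched as an added C example (not libpng's or Chromium's code). The names `checked_total`, `join_chunk` and the 32-bit `alloc_size_t` are hypothetical, and the buffer layout (prefix + decompressed data + terminator) is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator size type: narrower than size_t on 64-bit platforms. */
typedef uint32_t alloc_size_t;

/* Validate prefix + expanded + 1 (terminator) before it is used as an
 * allocation size. Returns 0 and stores the total in *out, or -1 if unsafe. */
int checked_total(size_t prefix, size_t expanded, alloc_size_t *out)
{
    /* Integer overflow: the sum must not wrap around size_t. */
    if (expanded > SIZE_MAX - 1 || prefix > SIZE_MAX - 1 - expanded)
        return -1;
    size_t total = prefix + expanded + 1;
    /* Truncation: the sum must survive narrowing to the allocator's type. */
    if ((size_t)(alloc_size_t)total != total)
        return -1;
    *out = (alloc_size_t)total;
    return 0;
}

/* Build prefix || data || NUL; refuse any size that fails the checks, so the
 * copies below can never run past the end of the allocation. */
unsigned char *join_chunk(const unsigned char *pre, size_t pre_len,
                          const unsigned char *data, size_t data_len)
{
    alloc_size_t total;
    if (checked_total(pre_len, data_len, &total) != 0)
        return NULL;
    unsigned char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    memcpy(buf, pre, pre_len);
    memcpy(buf + pre_len, data, data_len);
    buf[pre_len + data_len] = 0;
    return buf;
}

int main(void)
{
    alloc_size_t t;
    /* Constructed sizes: a normal case, a wrapping sum, a truncating sum. */
    printf("%d\n", checked_total(10, 20, &t));
    printf("%d\n", checked_total(SIZE_MAX - 5, 10, &t));
    printf("%d\n", checked_total((size_t)UINT32_MAX, 1, &t));
    return 0;
}
```

Without the first check the sum can wrap to a small value; without the second, a 64-bit sum can be silently cut down to 32 bits. Either way the allocation ends up smaller than the data copied into it.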

Also fixed in 10.0.2 is a bug where Java applets sometimes caused text input to become unresponsive (bug 718939).

Mozilla Fixes Critical Vulnerability in Firefox and Thunderbird

(LiveHacking.Com) – Mozilla has released new versions of Firefox and Thunderbird to fix a “use after free” crash which is potentially exploitable. According to the security advisory, Mozilla developers Andrew McCreight and Olli Pettay found that the ReadPrototypeBindings code leaves an XBL binding in a hash table even when the function fails. If this occurs, a crash will follow when the cycle collector reads this hash table and attempts to call a virtual method on this binding. This crash may be exploitable.

The Mozilla Foundation said Firefox 9 and earlier browser versions are not affected by this vulnerability.

Mozilla Updates Firefox 3.5, 3.6 and 4.0

Mozilla has released a series of security updates for all currently supported versions of Firefox. Firefox 4.0.1, 3.6.17 and 3.5.19 are now available for Windows, Mac, and Linux. Mozilla recommends that users update to the latest versions but also encourages all users to upgrade to Firefox 4, as this is the last planned security and stability release for Firefox 3.5.

The first fixes are for several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and Mozilla presumes that with enough effort at least some of these could be exploited to run arbitrary code.

A minor security vulnerability was fixed in the XSLT generate-id() function, which was revealing a specific valid address of an object on the memory heap. In theory, this information could have been used in combination with other heap corruption exploits.

There is also a fix for a vulnerability in the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox 3.5 and 3.6 that, if exploited, could allow an attacker to obtain elevated access to resources on a user’s system.

Specific to Firefox 4 is an additional fix to its WebGL feature, in which two crashes that could potentially be exploited to run malicious code were found. There is also a fix for a vulnerability that could potentially be used to bypass a security feature of recent Windows versions.

Mozilla has also released Thunderbird 3.1.10. The release notes are available here.

Multiple Unspecified Vulnerabilities in Mozilla Firefox, Thunderbird and SeaMonkey

Mozilla Firefox, Thunderbird and SeaMonkey are vulnerable to multiple unspecified security issues. The vulnerabilities occur in the operating system (OS) font code. No further information is available about these issues.

New versions of Firefox, Thunderbird and SeaMonkey are available to address these issues.

These issues are fixed in the following versions:

  • Firefox 3.6.13
  • Firefox 3.5.16
  • Thunderbird 3.0.11
  • Thunderbird 3.1.7
  • SeaMonkey 2.0.11