October 25, 2014

Mozilla Releases Firefox 11 and Updates Firefox 3.6 to Fix Security Vulnerabilities

(LiveHacking.Com) – The Mozilla Foundation has released Firefox 11 with new features and five critical security fixes. It has also simultaneously released security updates for Firefox 3.6.28, Thunderbird 3.1.20 and SeaMonkey 2.8. The vulnerabilities addressed may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack.

Mozilla had earlier written that the release of Firefox 11 would be delayed while it waited for a report from ZDI about a possible new security vulnerability. It transpired that the bug was one Mozilla had already identified and fixed. However, Mozilla did add that, in order to understand the impact of Microsoft’s “Patch Tuesday” fixes, it would initially release Firefox for manual updates only.

In Firefox 11 Mozilla has fixed the following Critical vulnerabilities:

  • MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0 / rv:10.0.3 / rv:1.9.2.28)
  • MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
  • MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
  • MFSA 2012-14 SVG issues found with Address Sanitizer
  • MFSA 2012-12 Use-after-free in shlwapi.dll

The new version also contains the following “Moderate” priority security fixes:

  • MFSA 2012-18 window.fullScreen writeable by untrusted content
  • MFSA 2012-15 XSS with multiple Content Security Policy headers
  • MFSA 2012-13 XSS with Drag and Drop and Javascript: URL

 

Mozilla Releases Another New Version of Firefox to Fix Yet Another Critical Vulnerability

(LiveHacking.Com) – Less than 7 days after the release of Firefox 10.0.1, Mozilla has now released a new version of Firefox (10.0.2) and Thunderbird (also 10.0.2) to fix a Critical libpng integer overflow vulnerability. The bug, which affects Firefox, Thunderbird and SeaMonkey, is an integer overflow in the libpng library that can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be exploitable.

The presence of the bug first came to light when Google released Chrome 17.0.963.56 to fix the integer overflow in libpng, where it was noted that the bug allows remote attackers to cause a denial of service. According to the Chromium source code, the fix includes a check for both truncation (on 64-bit platforms) and integer overflow.
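The two checks described above, truncation and integer overflow, are sketched below for a buffer size computed from two untrusted lengths. This is an added example, not code from libpng, Chromium or Mozilla; the function names, the `prefix + expanded + 1` layout and the 32-bit length field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked form: the sum can wrap, and storing it in a 32-bit field
 * on a 64-bit platform silently drops the high bits. */
uint32_t unchecked_chunk_size(size_t prefix, size_t expanded)
{
    return (uint32_t)(prefix + expanded + 1);
}

/* Checked form. Returns 0 and sets *out, or -1 if prefix + expanded + 1
 * would wrap size_t or would not fit the 32-bit length field. */
int checked_chunk_size(size_t prefix, size_t expanded, uint32_t *out)
{
    /* Integer overflow: compare against the headroom before adding. */
    if (prefix > SIZE_MAX - 1 || expanded > SIZE_MAX - 1 - prefix)
        return -1;
    size_t total = prefix + expanded + 1;

    /* Truncation: size_t is 64 bits wide on 64-bit platforms. */
    if (total > UINT32_MAX)
        return -1;

    *out = (uint32_t)total;
    return 0;
}

/* Allocate the output buffer only when the size survived both checks. */
unsigned char *alloc_chunk(size_t prefix, size_t expanded, uint32_t *len)
{
    if (checked_chunk_size(prefix, expanded, len) != 0)
        return NULL;
    return malloc(*len);
}

int main(void)
{
    uint32_t n = 0;
    size_t big = (size_t)UINT32_MAX;   /* constructed hostile length */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_chunk_size(big, 0));
    printf("checked:   %s\n", checked_chunk_size(big, 0, &n) ? "rejected" : "accepted");
    return 0;
}
```

The unchecked form yields a zero-byte size for the constructed length, which is how a later write of the real data ends up past the end of the heap buffer.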

Also fixed in 10.0.2 is a bug where Java applets sometimes caused text input to become unresponsive (bug 718939).

Mozilla Fixes Critical Vulnerability in Firefox and Thunderbird

(LiveHacking.Com) – Mozilla has released new versions of Firefox and Thunderbird to fix a “use after free” crash which is potentially exploitable. According to the security advisory, Mozilla developers Andrew McCreight and Olli Pettay found that the ReadPrototypeBindings code leaves an XBL binding in a hash table even when the function fails. If this occurs, a crash will occur when the cycle collector reads this hash table and attempts to call a virtual method on this binding. This crash may be exploitable.

The Mozilla Foundation said Firefox 9 and earlier browser versions are not affected by this vulnerability.
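The failure-path pattern described in the advisory, an object left in a table after the function that created it has failed and released it, is sketched below. This is an added example and not Mozilla's code; every name in it is hypothetical, and a fixed pool with an `alive` flag stands in for heap allocation so the stale entry can be observed safely.

```c
#include <stddef.h>
#include <string.h>

#define SLOTS 8

/* Constructed stand-ins for a binding object and a name-keyed table. */
struct binding { int alive; int id; };
struct entry   { const char *key; struct binding *val; };

static struct binding pool[SLOTS];  /* fixed pool: "free" only clears alive */
static struct entry   table[SLOTS];

static struct binding *binding_new(int id) {
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].alive) { pool[i].alive = 1; pool[i].id = id; return &pool[i]; }
    return NULL;
}

static struct entry *table_find(const char *key) {
    for (int i = 0; i < SLOTS; i++)
        if (table[i].key && strcmp(table[i].key, key) == 0) return &table[i];
    return NULL;
}

static int table_put(const char *key, struct binding *b) {
    for (int i = 0; i < SLOTS; i++)
        if (!table[i].key) { table[i].key = key; table[i].val = b; return 0; }
    return -1;
}

/* parse_ok simulates whether the rest of the read succeeds;
 * unpublish_on_fail selects the corrected failure path. */
int read_binding(const char *key, int id, int parse_ok, int unpublish_on_fail) {
    struct binding *b = binding_new(id);
    if (!b) return -1;
    if (table_put(key, b) != 0) { b->alive = 0; return -1; }
    if (parse_ok) return 0;
    if (unpublish_on_fail) {             /* fix: drop the table entry first */
        struct entry *e = table_find(key);
        e->key = NULL; e->val = NULL;
    }
    b->alive = 0;                        /* release the object */
    return -1;
}

/* What a later table walker would see: 1 if the entry outlived its object. */
int has_stale_entry(const char *key) {
    struct entry *e = table_find(key);
    return e != NULL && !e->val->alive;
}
```

Calling `read_binding` with `parse_ok = 0` and `unpublish_on_fail = 0` leaves an entry for which `has_stale_entry` returns 1; with `unpublish_on_fail = 1` the entry is gone before the object is released.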

Mozilla Updates Firefox 3.5, 3.6 and 4.0

Mozilla has released a series of security updates for all currently supported versions of Firefox. Firefox 4.0.1, 3.6.17 and 3.5.19 are now available for Windows, Mac, and Linux. Mozilla recommends that users update to the latest versions, but also encourages all users to upgrade to Firefox 4, as this is the last planned security and stability release for Firefox 3.5.

The first fixes are for several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and Mozilla presumes that with enough effort at least some of these could be exploited to run arbitrary code.

A minor security vulnerability was fixed in the XSLT generate-id() function, which was revealing a specific valid address of an object on the memory heap. In theory, this information could have been used in combination with other heap corruption exploits.

There is also a fix for a vulnerability in the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox 3.5 and 3.6 that, if exploited, could allow an attacker to obtain elevated access to resources on a user’s system.

Specific to Firefox 4 is an additional fix to its WebGL feature, in which two crashes were found that could potentially be exploited to run malicious code. There is also a fix for a vulnerability that could potentially be used to bypass a security feature of recent Windows versions.

Mozilla has also released Thunderbird 3.1.10. The release notes are available here.

New Chrome and New Thunderbird – Multiple Vulnerabilities Fixed (Updated)

Google has released Chrome 9.0.597.107 for all platforms with a total of 19 security fixes which cost Google $14,000 under its Chromium Security Rewards program. To date Google has given away over $100,000 to ethical hackers who have found and reported security issues with Google’s browser.

The success of the Chrome rewards program led Google to launch a similar program for its Web services back in November. It covers XSS, CSRF, XSSI and other types of vulnerabilities.

Of the 19 fixes to Chrome, 16 were considered high priority by Google, including a “URL bar spoof”. The details of the fixes haven’t yet been made public, as Google restricts access to the fix details until “the majority of Chrome users have updated to the latest patched version.”

Google isn’t the only one who has been updating its software. Mozilla has released a new version of its email client Thunderbird. According to its web site, Thunderbird 3.1.8 contains several fixes to improve performance, stability and security. The improved stability includes a fix for a crash caused by a corrupted JPEG image.

For a more detailed list of bug fixes, see the Rumbling Edge for a Thunderbird-focused list, or the complete list of changes in this version.

UPDATE: Mozilla has also released Firefox 3.5.17 with several security-related fixes, including a fix for CVE-2010-3777, a vulnerability which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Multiple Unspecified Vulnerabilities in Mozilla Firefox, Thunderbird and SeaMonkey

Mozilla Firefox, Thunderbird and SeaMonkey are vulnerable to multiple unspecified security issues. The vulnerabilities occur in the operating system (OS) font code. No further information is available about these issues.

New versions of Firefox, Thunderbird and SeaMonkey are available to address these issues.

These issues are fixed in the following versions:

  • Firefox 3.6.13
  • Firefox 3.5.16
  • Thunderbird 3.0.11
  • Thunderbird 3.1.7
  • SeaMonkey 2.0.11