Mozilla Firefox 4.0.x < 4.0.1 Multiple Vulnerabilities

2011-04-2900:00:00

Tenable

www.tenable.com

Versions of Firefox 4.0.x earlier than 4.0.1 are potentially affected by multiple vulnerabilities :

Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)

Multiple vulnerabilities in the WebGL feature and WebGLES could be exploited to execute arbitrary code or bypass ASLR protection on Windows. (MFSA2011-17) - The XSLT ‘generate-id()’ function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)

Binary data 801264.prm

References

.mozilla.org/security/announce/2011/mfsa2011-12.html

.mozilla.org/security/announce/2011/mfsa2011-17.html

.mozilla.org/security/announce/2011/mfsa2011-18.html

.mozilla.org/security/known-vulnerabilities/firefox40.html#firefox4.0.1

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0068

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202