11 matches found
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)
This update brings Mozilla Firefox to the 3.6.8 security release. It fixes the following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of thes...
Mozilla Products 'SJOW' Arbitrary Code Execution Vulnerability (MFSA2010-59) - Windows
Mozilla Firefox/Thunderbird are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Foundation Security Advisory 2010-59
Mozilla Foundation Security Advisory 2010-59 Title: SJOW creates scope chains ending in outer object Impact: Critical Announced: September 7, 2010 Reporter: Blake Kaplan Products: Firefox, Thunderbird Fixed in: Firefox 3.6.9 Thunderbird 3.1.3 Description Mozilla developer Blake Kaplan reported th...
Mozilla Products 'SJOW' Multiple Vulnerabilities (MFSA2010-60) - Windows
Mozilla Firefox/Seamonkey/Thunderbird are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-2762
CVE-2010-2762 affects Mozilla Firefox 3.6.x (prior to 3.6.9) and Thunderbird 3.1.x (prior to 3.1.3). The issue lies in the SafeJSObjectWrapper (SJOW) implementation: the XPCSafeJSObjectWrapper class does not properly restrict objects at the end of scope chains, enabling remote attackers to execut...
FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)
The Mozilla Project reports: MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/ 1.9.1.12 MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer...
XSS using SJOW scripted function — Mozilla
Mozilla security researcher mozbugra4 reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation ...
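Mozilla Firefox SJOW Privilege Escalation Vulnerability
BUGTRAQ ID: 41868 CVE ID: CVE-2010-1215 Firefox is a popular open-source web browser. When content script running in a chrome context accesses a content object via SJOW, the content code can gain access to an object in the chrome scope and use that object to execute arbitrary JavaScript with chrome privileges. Mozilla Firefox 3.6.x Mozilla Thunderbird 3.1.x Vendor patch: Mozilla ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/ RedHat ------...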
Mozilla Foundation Security Advisory 2010-38
Mozilla Foundation Security Advisory 2010-38 Title: Arbitrary code execution using SJOW and fast native function Impact: Critical Announced: July 20, 2010 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 3.6.7 Thunderbird 3.1.1 Description Mozilla security researcher mozbugra4...
Firefox Hit by Drive-by Download Flaws
Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks. The latest Firefox 3.6.7 update includes fixes for nine “critical” issues that could be exploited to launch remote code executi...
Arbitrary code execution using SJOW and fast native function — Mozilla
Mozilla security researcher mozbugra4 reported that when content script which is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges...