The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Firefox, SeaMonkey: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities of Firefox and SeaMonkey can be used by an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES.
Severity of this bulletin: 4/4.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/06/2010.
Revision date: 13/09/2010.
References of this threat: 424558, 475585, 484890, 509839, 524921, 526449, 531176, 532246, 534666, 534768, 537120, 546611, 551233, 551661, 552255, 553938, 554255, 555109, 557174, 557946, 561031, 561592, BID-41050, BID-41082, BID-41087, BID-41090, BID-41093, BID-41094, BID-41099, BID-41100, BID-41102, BID-41103, CERTA-2002-AVI-268, CERTA-2010-AVI-154, CERTA-2010-AVI-282, CERTA-2010-AVI-283, CERTFR-2014-AVI-244, CVE-2008-5913, CVE-2010-0183, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, DSA-2064-1, MDVSA-2010:125, MFSA 2010-25, MFSA 2010-26, MFSA 2010-27, MFSA 2010-28, MFSA 2010-29, MFSA 2010-30, MFSA 2010-31, MFSA 2010-32, MFSA 2010-33, openSUSE-SU-2014:1100-1, RHSA-2010:0499-01, RHSA-2010:0500-01, RHSA-2010:0501-01, SSA:2010-176-02, SSA:2010-176-03, SUSE-SA:2010:030, VIGILANCE-VUL-9723, ZDI-10-113.

Description of the vulnerability 

Several vulnerabilities were announced in Firefox and SeaMonkey.

An attacker can create a malicious document containing DOM (Document Object Model) nodes, in order to corrupt the memory, which leads to code execution when the victim displays it (VIGILANCE-VUL-9555). [severity:4/4; 555109, CERTA-2010-AVI-154, CERTA-2010-AVI-283, CVE-2010-1121, MFSA 2010-25]

An attacker can generate several memory corruptions, in order to execute code. [severity:4/4; 424558, 484890, 509839, 524921, 526449, 531176, 534768, 546611, 551233, 551661, 553938, 557946, 561031, 561592, BID-41090, BID-41093, BID-41094, BID-41099, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, MFSA 2010-26]

An attacker can force the usage of a freed memory area by nsCycleCollector::MarkRoots(), in order to execute code. [severity:4/4; 557174, BID-41100, CVE-2010-0183, MFSA 2010-27]

A web page containing two plugins can corrupt the memory, in order to execute code. [severity:4/4; 532246, BID-41102, CVE-2010-1198, MFSA 2010-28]

An attacker can generate a buffer overflow in nsGenericDOMDataNode::SetTextInternal, in order to execute code. [severity:4/4; 534666, BID-41087, CVE-2010-1196, MFSA 2010-29]

An attacker can generate an integer overflow when sorting XSLT nodes, in order to execute code. [severity:4/4; 554255, BID-41082, CVE-2010-1199, MFSA 2010-30, ZDI-10-113]

An attacker can use focus() to inject or read characters. [severity:2/4; 552255, CVE-2010-1125, MFSA 2010-31]

An attacker can use "Content-Disposition: attachment" and "Content-Type: multipart" to trigger a Cross Site Scripting. [severity:2/4; 537120, BID-41103, CVE-2010-1197, MFSA 2010-32]

An attacker can use Math.random() to recognize a visitor. [severity:1/4; 475585, CERTA-2010-AVI-282, CVE-2008-5913, MFSA 2010-33]

This security vulnerability impacts software or systems such as Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES.

Our Vigil@nce team determined that the severity of this computer weakness bulletin is critical.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 9 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a specialist ability can exploit this security note.

Solutions for this threat 

Firefox: version 3.6.4.
Version 3.6.4 is corrected:
  http://www.mozilla.com/firefox/

Firefox: version 3.5.10.
Version 3.5.10 is corrected:
  http://www.mozilla.com/en-US/firefox/all-older.html

SeaMonkey: version 2.0.5.
Version 2.0.5 is corrected:
  http://www.seamonkey-project.org/releases/

Debian: new xulrunner packages.
New packages are available:
  http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-*_1.9.0.19-2_*.deb

Fedora: new firefox packages.
New packages are available, as indicated in information sources.

Mandriva: new firefox packages.
New packages are available:
  Mandriva Linux 2008.0: firefox-3.6.4-0.1mdv2008.0
  Mandriva Linux 2009.0: firefox-3.6.4-0.1mdv2009.0
  Mandriva Linux 2009.1: firefox-3.6.4-0.1mdv2009.1
  Mandriva Linux 2010.0: firefox-3.6.4-0.1mdv2010.0
  Mandriva Enterprise Server 5: firefox-3.6.4-0.1mdvmes5.1

openSUSE 11.4: new MozillaFirefox packages (09/09/2014).
New packages are available:
  openSUSE 11.4: MozillaFirefox 24.8.0-127.1

RHEL 3, 4: new seamonkey packages.
New packages are available:
Red Hat Enterprise Linux version 3:
  seamonkey-1.0.9-0.55.el3
Red Hat Enterprise Linux version 4:
  seamonkey-1.0.9-58.el4_8

RHEL 4, 5: new firefox packages (23/06/2010).
New packages are available:
Red Hat Enterprise Linux version 4:
  firefox-3.6.4-8.el4
Red Hat Enterprise Linux version 5:
  firefox-3.6.4-8.el5

Slackware: new mozilla-firefox packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mozilla-firefox-3.6.4-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mozilla-firefox-3.6.4-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mozilla-firefox-3.6.4-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mozilla-firefox-3.6.4-x86_64-1_slack13.0.txz

Slackware: new seamonkey packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-2.0.5-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/seamonkey-solibs-2.0.5-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-2.0.5-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/seamonkey-solibs-2.0.5-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-2.0.5-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/seamonkey-solibs-2.0.5-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-2.0.5-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/seamonkey-solibs-2.0.5-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-2.0.5-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/seamonkey-solibs-2.0.5-x86_64-1_slack13.1.txz

Solaris: patch for Firefox (17/03/2011).
A patch is available:
Oracle Solaris 11 Express:
  snv_151a + bug 6997419
Solaris 10:
  SPARC: 145080-02
  X86: 145081-02

SUSE: new MozillaFirefox packages.
New packages are available, as indicated in information sources.
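
The upstream fixes listed above sit on separate release branches, so a plain "greater than" comparison misjudges hosts (3.6.3 is newer than 3.5.10 but is not corrected). The following check is an added example, not part of the Vigil@nce bulletin: the `FIXED` table, the function names and the rule that the first two version components identify a branch are assumptions of this example, and the sample version strings in the comments and tests are constructed.

```python
import re

# Corrected upstream releases per branch, taken from the "Solutions" list.
# Keying on (major, minor) as the branch is an assumption of this example.
FIXED = {
    "firefox": {(3, 6): (3, 6, 4), (3, 5): (3, 5, 10)},
    "seamonkey": {(2, 0): (2, 0, 5)},
}


def parse_version(text):
    """Turn '3.6.4' or '3.6.4-8.el5' into (3, 6, 4); None if unparseable."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '3.6' to (3, 6, 0)


def status(product, version):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed version."""
    branches = FIXED.get(product.lower())
    parsed = parse_version(version)
    if branches is None or parsed is None:
        return "unknown"
    fixed = branches.get(parsed[:2])
    if fixed is None:
        # Branch not listed in the bulletin. Newer branches are assumed to
        # include the fixes; for older ones (for example distribution
        # backports such as seamonkey-1.0.9-58.el4_8) the upstream number
        # says nothing, so the distribution advisory must be consulted.
        return "fixed" if parsed[:2] > max(branches) else "unknown"
    return "fixed" if parsed >= fixed else "vulnerable"


def audit(inventory):
    """Map (host, product, version) rows to (host, product, version, status)."""
    return [(h, p, v, status(p, v)) for h, p, v in inventory]
```

An "unknown" result means the upstream version number cannot decide the question; compare the installed package release against the distribution entries in the list above instead.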