<?xml version="1.0" encoding="UTF-8"?>
<!--PATCHINFO id="9ac5f072355543bb38c9916ea1c73aba"!-->
<patch
    xmlns="http://novell.com/package/metadata/suse/patch"
    xmlns:yum="http://linux.duke.edu/metadata/common"
    xmlns:rpm="http://linux.duke.edu/metadata/rpm"
    xmlns:suse="http://novell.com/package/metadata/suse/common"
    patchid="slesp2-MozillaFirefox-6187"
    timestamp="1239967874"
    engine="1.0">
  <yum:name>slesp2-MozillaFirefox</yum:name>
  <summary lang="en">Security update for MozillaFirefox</summary>
  <summary lang="de">Security update for MozillaFirefox</summary>
  <description lang="en">The Mozilla Firefox Browser was refreshed to the current
MOZILLA_1_8 branch state around fix level 2.0.0.22. 

Security issues identified as being fixed are:

MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers
identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products.
Some of these crashes showed evidence of memory corruption
under certain circumstances and we presume that with enough
effort at least some of these could be exploited to run
arbitrary code.

MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774: Mozilla
developers identified and fixed several stability bugs in
the browser engine used in Firefox and other Mozilla-based
products. Some of these crashes showed evidence of memory
corruption under certain circumstances and we presume that
with enough effort at least some of these could be
exploited to run arbitrary code.

MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher
Georgi Guninski reported that a website could use
nsIRDFService and a cross-domain redirect to steal
arbitrary XML data from another domain, a violation of the
same-origin policy. This vulnerability could be used by a
malicious website to steal private data from users
authenticated to the redirected website.

MFSA 2009-10 / CVE-2009-0040: Google security researcher
Tavis Ormandy reported several memory safety hazards to the
libpng project, an external library used by Mozilla to
render PNG images. These vulnerabilities could be used by a
malicious website to crash a victim's browser and
potentially execute arbitrary code on their computer.
libpng was upgraded to version 1.2.35, which contains fixes
for these flaws.

MFSA 2009-12 / CVE-2009-1169: Security researcher Guido
Landi discovered that an XSL stylesheet could be used to
crash the browser during an XSL transformation. An attacker
could potentially use this crash to run arbitrary code on a
victim's computer. This vulnerability was also previously
reported as a stability problem by Ubuntu community member
Andre. Ubuntu community member Michael Rooney reported
Andre's findings to Mozilla, and Mozilla community member
Martin helped reduce Andre's original testcase and
contributed a patch to fix the vulnerability.
</description>
  <description lang="de">The Mozilla Firefox Browser was refreshed to the current
MOZILLA_1_8 branch state around fix level 2.0.0.22. 

Security issues identified as being fixed are:

MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers
identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products.
Some of these crashes showed evidence of memory corruption
under certain circumstances and we presume that with enough
effort at least some of these could be exploited to run
arbitrary code.

MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774: Mozilla
developers identified and fixed several stability bugs in
the browser engine used in Firefox and other Mozilla-based
products. Some of these crashes showed evidence of memory
corruption under certain circumstances and we presume that
with enough effort at least some of these could be
exploited to run arbitrary code.

MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher
Georgi Guninski reported that a website could use
nsIRDFService and a cross-domain redirect to steal
arbitrary XML data from another domain, a violation of the
same-origin policy. This vulnerability could be used by a
malicious website to steal private data from users
authenticated to the redirected website.

MFSA 2009-10 / CVE-2009-0040: Google security researcher
Tavis Ormandy reported several memory safety hazards to the
libpng project, an external library used by Mozilla to
render PNG images. These vulnerabilities could be used by a
malicious website to crash a victim's browser and
potentially execute arbitrary code on their computer.
libpng was upgraded to version 1.2.35, which contains fixes
for these flaws.

MFSA 2009-12 / CVE-2009-1169: Security researcher Guido
Landi discovered that an XSL stylesheet could be used to
crash the browser during an XSL transformation. An attacker
could potentially use this crash to run arbitrary code on a
victim's computer. This vulnerability was also previously
reported as a stability problem by Ubuntu community member
Andre. Ubuntu community member Michael Rooney reported
Andre's findings to Mozilla, and Mozilla community member
Martin helped reduce Andre's original testcase and
contributed a patch to fix the vulnerability.
</description>
  <yum:version ver="6187" rel="0"/>
  <rpm:requires>
    <rpm:entry kind="atom" name="MozillaFirefox" epoch="0" ver="2.0.0.21post" rel="0.3" flags="EQ"/>
    <rpm:entry kind="atom" name="MozillaFirefox-translations" epoch="0" ver="2.0.0.21post" rel="0.3" flags="EQ"/>
  </rpm:requires>
  <category>security</category>
  <atoms>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>MozillaFirefox</name>
      <arch>i586</arch>
      <version epoch="0" ver="2.0.0.21post" rel="0.3"/>
      <checksum type="sha" pkgid="YES">7513493acb46c184d4884e3972d351f33212195f</checksum>
      <time file="1239971200" build="1239967874"/>
      <size package="8631922" installed="23145003" archive="23127408"/>
      <location xml:base="media://#1" href="suse/i586/MozillaFirefox-3.0.13-0.4.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="MozillaFirefox" epoch="0" ver="2.0.0.21post" rel="0.3" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="MozillaFirefox"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>MozillaFirefox-translations</name>
      <arch>i586</arch>
      <version epoch="0" ver="2.0.0.21post" rel="0.3"/>
      <checksum type="sha" pkgid="YES">13c56420e0d6f8b1773b86fee92074e7462ecba5</checksum>
      <time file="1239971204" build="1239967874"/>
      <size package="5113613" installed="28898683" archive="28911852"/>
      <location xml:base="media://#1" href="suse/i586/MozillaFirefox-translations-3.0.13-0.4.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="MozillaFirefox-translations" epoch="0" ver="2.0.0.21post" rel="0.3" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="MozillaFirefox-translations"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
  </atoms>
</patch>
