slesp2-MozillaFirefoxSecurity update for MozillaFirefoxSecurity update for MozillaFirefoxMozillaFirefox was updated to version 2.0.0.16, which fixes
various bugs and following security issues:
MFSA 2008-34 CVE-2008-2785: An anonymous researcher, via
TippingPoint's Zero Day Initiative program, reported a
vulnerability in Mozilla CSS reference counting code. The
vulnerability was caused by an insufficiently sized
variable being used as a reference counter for CSS objects.
By creating a very large number of references to a common
CSS object, this counter could be overflowed which could
cause a crash when the browser attempts to free the CSS
object while still in use. An attacker could use this crash
to run arbitrary code on the victim's computer.
MFSA 2008-35 CVE-2008-2933: Security researcher Billy Rios
reported that if Firefox is not already running, passing it
a command-line URI with pipe symbols will open multiple
tabs. This URI splitting could be used to launch privileged
chrome: URIs from the command-line, a partial bypass of the
fix for MFSA 2005-53 which blocks external applications
from loading such URIs. This vulnerability could also be
used by an attacker to launch a file: URI from the command
line opening a malicious local file which could exfiltrate
data from the local filesystem. Combined with a
vulnerability which allows an attacker to inject code into
a chrome document, the above issue could be used to run
arbitrary code on a victim's computer. Such a chrome
injection vulnerability was reported by Mozilla developers
Ben Turner and Dan Veditz who showed that a XUL based SSL
error page was not properly sanitizing inputs and could be
used to run arbitrary code with chrome privileges.
MozillaFirefox was updated to version 2.0.0.16, which fixes
various bugs and following security issues:
MFSA 2008-34 CVE-2008-2785: An anonymous researcher, via
TippingPoint's Zero Day Initiative program, reported a
vulnerability in Mozilla CSS reference counting code. The
vulnerability was caused by an insufficiently sized
variable being used as a reference counter for CSS objects.
By creating a very large number of references to a common
CSS object, this counter could be overflowed which could
cause a crash when the browser attempts to free the CSS
object while still in use. An attacker could use this crash
to run arbitrary code on the victim's computer.
MFSA 2008-35 CVE-2008-2933: Security researcher Billy Rios
reported that if Firefox is not already running, passing it
a command-line URI with pipe symbols will open multiple
tabs. This URI splitting could be used to launch privileged
chrome: URIs from the command-line, a partial bypass of the
fix for MFSA 2005-53 which blocks external applications
from loading such URIs. This vulnerability could also be
used by an attacker to launch a file: URI from the command
line opening a malicious local file which could exfiltrate
data from the local filesystem. Combined with a
vulnerability which allows an attacker to inject code into
a chrome document, the above issue could be used to run
arbitrary code on a victim's computer. Such a chrome
injection vulnerability was reported by Mozilla developers
Ben Turner and Dan Veditz who showed that a XUL based SSL
error page was not properly sanitizing inputs and could be
used to run arbitrary code with chrome privileges.
securityMozillaFirefoxi586a1bb4fa77e9b7a925b3877e67c454f8eab672b04MozillaFirefox-translationsi586f46019fddf72c5f0a2fd18f7c537ff5239d042d8