A Digital Age Deserves A Digital Leader

Mozilla Firefox Multiple Vulnerabilities

Mozilla Firefox Multiple Vulnerabilities

Postby augie » Wed Dec 20, 2006 3:43 am

ecunia Advisory: SA23282
Release Date: 2006-12-19

Highly critical
Impact: Cross Site Scripting
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch

Software: Mozilla Firefox 1.x
Mozilla Firefox 2.0.x

CVE reference: CVE-2006-6497 (Secunia mirror)
CVE-2006-6498 (Secunia mirror)
CVE-2006-6499 (Secunia mirror)
CVE-2006-6500 (Secunia mirror)
CVE-2006-6501 (Secunia mirror)
CVE-2006-6502 (Secunia mirror)
CVE-2006-6503 (Secunia mirror)
CVE-2006-6504 (Secunia mirror)
CVE-2006-6506 (Secunia mirror)
CVE-2006-6507 (Secunia mirror)

Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of certain information, conduct cross-site scripting attacks, and potentially compromise a user's system.

1)Various errors in the layout engine and JavaScript engine can be exploited to cause memory corruption and some may potentially allow execution of arbitrary code.

2) An error when reducing the CPU's floating point precision, which may happen on Windows when loading a plugin creating a Direct3D device, may cause the "js_dtoa()" function to not exit and instead cause a memory corruption.

:source: and :moreat: Secunia
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 1 guest