Coastal Network Status

attd3c30

South Carolina Information Sharing and Analysis Center

SC INFORMATION SHARING AND ANALYSIS CENTER BULLETIN

DATE ISSUED: 11/21/2012

SUBJECT: Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey applications, which could allow remote code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Thunderbird is an email client. Mozilla SeaMonkey is a cross platform Internet suite of tools ranging from a web browser to an email client. Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

DESCRIPTION:

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. The details of these vulnerabilities are as follows:

Multiple memory-corruption vulnerabilities in the browser engine that could lead to arbitrary code execution. These issues affect Firefox, Thunderbird, and SeaMonkey.
A buffer overflow vulnerability occurs while rendering GIF format images. This issue affects Firefox, Thunderbird, and SeaMonkey
A cross-site scripting vulnerability occurs when the 'evalInSandbox()' function sets a 'location.href' location reference. This issue affects Firefox, Thunderbird, and SeaMonkey
A denial-of-service vulnerability occurs when the SVG text on a path is combined with the setting of CSS properties. This issue affects Firefox, Thunderbird, and SeaMonkey
A privilege-escalation vulnerability occurs when a 'javascript: URL' selected from the list of the Firefox 'new tab' page inherits the privileges of the privileged 'new tab' page. This issue affects Firefox.
A memory-corruption vulnerability occurs in the 'str_unescape' string in the Javascript engine that could lead to arbitrary code execution. This issue affects Firefox, Thunderbird, and SeaMonkey.
A cross-site request forgery vulnerability and an information leakage vulnerability occur when 'XMLHttpRequest' objects created within sandboxes have the system principal instead of the sandbox principal. This issue affects Firefox, Thunderbird, and SeaMonkey.
A DLL hijacking vulnerability occurs that leads to arbitrary code execution from a privileged account. This issue affects Firefox.
A security-bypass vulnerability occurs because 'XrayWrappers' object exposes chrome-only properties even when not present in a chrome compartment.
A cross-site scripting vulnerability occurs due to improper security filtering for cross-origin wrappers.
A cross-site scripting vulnerability occurs due to improper character decoding in the HZ-GB-2312 charset.
An arbitrary code execution vulnerability and a cross-site scripting vulnerability occur when the script entered into the Developer Toolbar runs with chrome privileges. This issue affects Firefox.
A cross-site scripting vulnerability occurs when the location property is set to top and can be accessed by binary plug-ins through top.location with a frame.
A CSS and HTML injection vulnerability occurs when a maliciously crafted stylesheet is inspected in the Style Inspector. This issue affects Firefox.
Multiple buffer overflow and user-after free vulnerabilities occur that lead to remote code execution.
Multiple buffer overflow and user-after free vulnerabilities occur that lead to remote code execution.

Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

SYSTEMS AFFECTED: