Posts tagged ‘firefox vulnerability’

Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to cause the browser to stop responding, thus denying service to legitimate users.

Published:     May 28 2009 12:00AM
Updated:        May 29 2009 03:49PM

VULNERABILITY REFERENCE

EXPLOIT

source: securityfocus.com

firefox vs IE

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, help launch cross-site scripting attacks, and execute arbitrary script code with elevated privileges; other attacks are also possible.

Update (18th December, 2008): Mozilla Firefox 2.0.0.19 for Windows is vulnerable to the cross-domain information-disclosure vulnerability documented by MFSA 2008-65. Firefox 2.0.0.20 is available and addresses this issue.

source: securityfocus

VULNERABILITY REFERENCE

firefox3

The Firefox developers have released a new version, 3.0.5, which fixes three critical vulnerabilities.

The three critical vulnerabilities relate to XSS-type flaws in SessionStore, XSS and JavaScript, which allow an attacker to escalate privileges as well as to cause memory corruption.

The last two vulnerabilities also affect the Thunderbird mail client, for which an update fixing the security flaws has not yet been released, and which can be used to execute malicious code and install software, since no user interaction is required beyond normal browsing.

Firefox 3.0.5 can be downloaded from the Firefox website or through the Firefox update service, by selecting Help and then Check for Updates.

Seen at Security Advisories for Firefox 3.0.

source: websecurity

firefox2

Mozilla Firefox is prone to an information-disclosure vulnerability when processing ‘.url’ shortcut files in HTML elements.

An attacker can exploit the issue to obtain sensitive information such as browser cache files, cookie data, or local filesystem details. Information harvested may aid in further attacks.

NOTE: To exploit this issue, an attacker must trick a victim into saving a malicious HTML file to the local system and then following a malicious URI.

Mozilla Firefox 3.0.1, 3.0.2, and 3.0.3 are reported vulnerable.

source: securityfocus

VULNERABILITY REFERENCE

firefox1

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird and SeaMonkey.

Exploiting these issues can allow attackers to:

– steal authentication credentials
– obtain potentially sensitive information
– violate the same-origin policy
– execute scripts with elevated privileges
– cause denial-of-service conditions
– execute arbitrary code

Other attacks are also possible.

These issues are present in the following applications:

– Mozilla Firefox 3.0.3 and prior
– Mozilla Firefox 2.0.0.17 and prior
– Mozilla Thunderbird 2.0.0.17 and prior
– Mozilla SeaMonkey 1.1.13 and prior

source: securityfocus

VULNERABILITY REFERENCE

firefox