Synopsis: The remote SuSE 11 host is missing one or more security updates.

Description: Mozilla Firefox was updated to 10.0.7ESR release, fixing a lot of bugs and security problems.

The following security issues have been addressed:

- Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-57) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14. (CVE-2012-1971)
- Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14. (CVE-2012-1970)
- Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. (MFSA 2012-58)
- Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes. (CVE-2012-1972)
- Heap-use-after-free in nsObjectLoadingContent::LoadObject. (CVE-2012-1973)
- Heap-use-after-free in gfxTextRun::CanBreakLineBefore. (CVE-2012-1974)
- Heap-use-after-free in PresShell::CompleteMove. (CVE-2012-1975)
- Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues. (CVE-2012-1976)
- Heap-use-after-free in MediaStreamGraphThreadRunnable::Run(). (CVE-2012-3956)
- Heap-buffer-overflow in nsBlockFrame::MarkLineDirty. (CVE-2012-3957)
- Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements. (CVE-2012-3958)
- Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode. (CVE-2012-3959)
- Heap-use-after-free in mozSpellChecker::SetCurrentDictionary. (CVE-2012-3961)
- Bad iterator in text runs. (CVE-2012-3962)
- use after free in js::gc::MapAllocToTraceKind. (CVE-2012-3963)
- Heap-use-after-free READ 8 in gfxTextRun::GetUserData. (CVE-2012-3964)
- Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks. (MFSA 2012-59 / CVE-2012-1956)
- Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to escalate privilege, allowing for arbitrary code execution on the local system in a maliciously crafted attack. (MFSA 2012-60 / CVE-2012-3965)
- Security researcher Frederic Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When processing a negative 'height' header value for the bitmap image, a memory corruption can be induced, allowing an attacker to write random memory and cause a crash. This crash may be potentially exploitable. (MFSA 2012-61 / CVE-2012-3966)
- Security researcher miaubiz used the Address Sanitizer tool to discover two WebGL issues. The first issue is a use-after-free when WebGL shaders are called after being destroyed. The second issue exposes a problem with Mesa drivers on Linux, leading to a potentially exploitable crash. (MFSA 2012-62)
- use after free, webgl fragment shader deleted by accessor. (CVE-2012-3968)
- stack scribbling with 4-byte values choosable among a few values, when using more than 16 sampler uniforms, on Mesa, with all drivers (CVE-2012-3967)
- Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko's SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a 'requiredFeatures' attribute is moved between documents. In that situation, the internal representation of the 'requiredFeatures' value could be freed prematurely. (MFSA 2012-63)
- Heap-buffer-overflow in nsSVGFEMorphologyElement::Filter.