Firefox security makeover: 11 vulnerabilities, 4 critical
Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks. Four of the 11 flaws covered with the new Firefox 3.0.4 are rated “critical” because of the risk of code execution attacks via specially rigged Web pages. The four critical vulnerabilities are: MFSA 2008-55 Crash and remote code execution in nsFrameManager. A vulnerability in part of Mozilla’s DOM constructing code can be exploited by modifying certain properties of a file input element before it has finished initializing. When the blur method of the modified input element is called, uninitialized memory is accessed by the browser, resulting in a crash. This crash may be used by an attacker to run arbitrary code on a victim’s computer. MFSA 2008-54 Buffer overflow in http-index-format parser. This is a flaw in the way Mozilla parses the http-index-format MIME type. By sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim’s computer. MFSA 2008-53 XSS and JavaScript privilege escalation via session restore. The browser’s session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. Any otherwise unexploitable crash can be used to force the user into the session restore state. This vulnerability could also be used by an attacker to run arbitrary JavaScript with chrome privileges. MFSA 2008-52 Crashes with evidence of memory corruption. Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. The Firefox update also fixes the following issues: MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome MFSA 2008-47 Information stealing via local shortcut files
Double adjustable digital Dark redstripes dial Waterproof 200 meters daily Shock resistant GSHOCK Full auto tag heuer calendar to year 2039 Accuracy omega 15 seconds per month Electroluminescent back light 1100second stopwatch Analog 2 hands Hour dkny replica breitling watches minute hand moves every 20 seconds Digital Hour minutes seconds pm month date day day of the week 1224 replica movado hour format Regular timekeeping World time Countdown timer Hourly time signal Daily alarms Stainless steel case back with Shock Resist imprinted stainless steel bracelet with easy push
Reply to this
originally a mechanical engineer for a high rolex fake hamilton watches end car took his passion for watches to the next level Joe watches starting making handmade in 1998 for a hobby some of its models will be presented from July 2006 and prevents the opening of an eye for a magazine when get one of those rare beauties available more on that later breitling Joe began the launch of its limited edition watch iwc fake breitling Zinex A tribute to monster BUhren pilot worn during the
Reply to this
she wore a Cartier Tank Francaise watch for photo session for official portrait in the White House Cartier CEO in the North America Frederic de Narp said he was very much pleased by the fact that the first lady valued so much watches by Cartier replica watches According to Frederic de Narp he did not know where Michelle Obama had bought the watch and how long she had been wearing the watch Perhaps replica watches this was a gift from her husband fake tag heuer armani watches Frederic de Narp said Cartier Tank that includes many models Cartier fake movado
Reply to this
Fine information, thanks to the author. This work is really useful and significant.
Reply to this
This is a really good read for me, Must admit that you are one of the best bloggers I have read. Thanks for posting this informative article.
Reply to this
Real Estate Property India: Buy/Sell/Rent Real Estate Properties India. Buy Real Estate Apartments, Commercial Property India, Residential Properties India at AtOnePlace.
Reply to this
I found very interesting stuff on your blog. Thanks for sharing.
Reply to this
The browser’s session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. Any otherwise unexploitable crash can be used to force the user into the session restore state. This vulnerability could also be used by an attacker to run arbitrary JavaScript with chrome privileges
Reply to this