1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




Mozilla Firefox Two Vulnerabilities

Report ID: SA200903371
Source: Secunia
Date of Discovery: 14.07.2009
Criticality: Urgent
Affects:
Mozilla Firefox 3.5.x

Compromise From: From remote
Compromise Type: System access

Summary

Two vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

Detailed Description

Two vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

1) A vulnerability is caused due to an error in the JIT (Just-in-Time) compiler when returning from e.g. an "escape()" function and can be exploited to trigger a memory corruption.

Successful exploitation allows execution of arbitrary code.

This vulnerability is confirmed in version 3.5. Prior versions may also be affected.

2) An error in the handling of Flash objects when navigating to another page can potentially be exploited to trigger a call to a deleted object and potentially execute arbitrary code.

Solution

Update to version 3.5.1.

Original Reference

-