F-Secure
Tools
Mozilla Firefox Two Vulnerabilities
| Report ID: | SA200903371 |
| Source: | Secunia |
| Date of Discovery: | 14.07.2009 |
| Criticality: | Urgent |
| Affects: | Mozilla Firefox 3.5.x |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
Two vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
Detailed Description
Two vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
1) A vulnerability is caused due to an error in the JIT (Just-in-Time) compiler when returning from e.g. an "escape()" function and can be exploited to trigger a memory corruption.
Successful exploitation allows execution of arbitrary code.
This vulnerability is confirmed in version 3.5. Prior versions may also be affected.
2) An error in the handling of Flash objects when navigating to another page can potentially be exploited to trigger a call to a deleted object and potentially execute arbitrary code.
1) A vulnerability is caused due to an error in the JIT (Just-in-Time) compiler when returning from e.g. an "escape()" function and can be exploited to trigger a memory corruption.
Successful exploitation allows execution of arbitrary code.
This vulnerability is confirmed in version 3.5. Prior versions may also be affected.
2) An error in the handling of Flash objects when navigating to another page can potentially be exploited to trigger a call to a deleted object and potentially execute arbitrary code.
Solution
Update to version 3.5.1.
Original Reference
-