Wednesday, 21 July 2010

Mozilla Firefox 3.6.7 fixes several critical vulnerabilities

A quick note on this important Firefox update to version 3.6.7, which fixes several critical vulnerabilities:


Fixed in Firefox 3.6.7


MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)


Click the link for each vulnerability to get the technical details.


Update:

Fixed in Firefox 3.6.8


MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix

Fixed in Firefox 3.6.9


MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)



Update it! Check it out: http://www.mozilla.com/ 
The latest release available is 3.6.10.
