MDVSA-2013:264 -- Mandriva firefoxID: oval:org.secpod.oval:def:1300241 | Date: (C)2013-11-12 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple security issues was identified and fixed in mozilla firefox: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code . Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation processing. This leads to a potentially exploitable crash . Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable . Security researcher Byoungyoung Lee of Georgia Tech Information Security Center used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash . Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash . Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash . The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by these security flaws.
Platform: |
Mandriva Enterprise Server 5.2 |