Mozilla Firefox Multiple Vulnerabilities
SECUNIA ADVISORY ID:
Cross Site Scripting, Exposure of sensitive information, DoS, System
Mozilla Firefox 1.x
Mozilla Firefox 2.0.x
Multiple vulnerabilities have been reported in Mozilla Firefox, which
can be exploited by malicious people to gain knowledge of certain
information, conduct cross-site scripting attacks, and potentially
compromise a user's system.
exploited to cause memory corruption and some may potentially allow
execution of arbitrary code.
2) An error when reducing the CPU's floating point precision, which
may happen on Windows when loading a plugin creating a Direct3D
device, may cause the "js_dtoa()" function to not exit and instead
cause a memory corruption.
3) A boundary error when setting the cursor to a Windows bitmap using
the CSS cursor property can be exploited to cause a heap-based buffer
exploited to execute arbitrary code.
5) An error in LiveConnect causes an already freed object to be used
and may potentially allow execution of arbitrary code.
6) An error in the handling of the "src" attribute of IMG elements
loaded in a frame can be exploited to change the attribute to a
code in a user's browser session.
7) A memory corruption error within the SVG processing may allow
execution of arbitrary code by appending an SVG comment DOM node from
one document into another type of document (e.g. HTML).
8) The "Feed Preview" feature of Firefox 2.0 may leak feed-browsing
habits to websites when retrieving the icons of installed web-based
9) A Function prototype regression in Firefox 2.0 can be exploited to
execute arbitrary HTML and script code in a user's browser session.
Update to version 18.104.22.168 or 22.214.171.124.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits the following:
1) Andrew Miller, David Baron, moz_bug_r_a4, Georgi Guninski, Jesse
Ruderman, Olli Pettay, Igor Bukanov, and Vladimir Vukicevic.
2) Keith Victor
3) Frederik Reiss
5) Steven Michaud
7) An anonymous person via ZDI.
8) Jared Breland
Hi norin[email protected]
in the About tab of my version of FF it says v2.0 now when i go to C:\Program Files\Mozilla Firefox\ and open the properties to firefox.exe in the version tab is shows:
File Version: 1.8.20061.1023
and then selecting File Version from the "Other version information section in the Version tab i get the following:
File Version: 1.8.1: 2006101023
Yes, thats correct in one part. It basically shows the build date/time of the last official release. Now we have the new one. :grin:now with my thinking i'd think the 200610 part would mean 10/2006 liek October 2006. which is the time i updated i think. but i'm not sure.