First published: Thu Apr 28 2011(Updated: )
Mozilla Firefox is an open source web browser. XULRunner provides the XUL<br>Runtime environment for Mozilla Firefox.<br>Several flaws were found in the processing of malformed web content. A web<br>page containing malicious content could possibly lead to arbitrary code<br>execution with the privileges of the user running Firefox. (CVE-2011-0080,<br>CVE-2011-0081)<br>An arbitrary memory write flaw was found in the way Firefox handled<br>out-of-memory conditions. If all memory was consumed when a user visited a<br>malicious web page, it could possibly lead to arbitrary code execution<br>with the privileges of the user running Firefox. (CVE-2011-0078)<br>An integer overflow flaw was found in the way Firefox handled the HTML<br>frameset tag. A web page with a frameset tag containing large values for<br>the "rows" and "cols" attributes could trigger this flaw, possibly leading<br>to arbitrary code execution with the privileges of the user running<br>Firefox. (CVE-2011-0077)<br>A flaw was found in the way Firefox handled the HTML iframe tag. A web page<br>with an iframe tag containing a specially-crafted source address could<br>trigger this flaw, possibly leading to arbitrary code execution with the<br>privileges of the user running Firefox. (CVE-2011-0075)<br>A flaw was found in the way Firefox displayed multiple marquee elements. A<br>malformed HTML document could cause Firefox to execute arbitrary code with<br>the privileges of the user running Firefox. (CVE-2011-0074)<br>A flaw was found in the way Firefox handled the nsTreeSelection element.<br>Malformed content could cause Firefox to execute arbitrary code with the<br>privileges of the user running Firefox. (CVE-2011-0073)<br>A use-after-free flaw was found in the way Firefox appended frame and<br>iframe elements to a DOM tree when the NoScript add-on was enabled.<br>Malicious HTML content could cause Firefox to execute arbitrary code with<br>the privileges of the user running Firefox. (CVE-2011-0072)<br>A directory traversal flaw was found in the Firefox resource:// protocol<br>handler. Malicious content could cause Firefox to access arbitrary files<br>accessible to the user running Firefox. (CVE-2011-0071)<br>A double free flaw was found in the way Firefox handled<br>"application/http-index-format" documents. A malformed HTTP response could<br>cause Firefox to execute arbitrary code with the privileges of the user<br>running Firefox. (CVE-2011-0070)<br>A flaw was found in the way Firefox handled certain JavaScript cross-domain<br>requests. If malicious content generated a large number of cross-domain<br>JavaScript requests, it could cause Firefox to execute arbitrary code with<br>the privileges of the user running Firefox. (CVE-2011-0069)<br>A flaw was found in the way Firefox displayed the autocomplete pop-up.<br>Malicious content could use this flaw to steal form history information.<br>(CVE-2011-0067)<br>Two use-after-free flaws were found in the Firefox mObserverList and<br>mChannel objects. Malicious content could use these flaws to execute<br>arbitrary code with the privileges of the user running Firefox.<br>(CVE-2011-0066, CVE-2011-0065)<br>A flaw was found in the Firefox XSLT generate-id() function. This function<br>returned the memory address of an object in memory, which could possibly be<br>used by attackers to bypass address randomization protections.<br>(CVE-2011-1202)<br>For technical details regarding these flaws, refer to the Mozilla security<br>advisories for Firefox 3.6.17. You can find a link to the Mozilla<br>advisories in the References section of this erratum.<br>All Firefox users should upgrade to these updated packages, which contain<br>Firefox version 3.6.17, which corrects these issues. After installing the<br>update, Firefox must be restarted for the changes to take effect.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/firefox | <3.6.17-1.el6_0 | 3.6.17-1.el6_0 |
redhat/xulrunner | <1.9.2.17-4.el6_0 | 1.9.2.17-4.el6_0 |
redhat/firefox | <3.6.17-1.el6_0 | 3.6.17-1.el6_0 |
redhat/firefox-debuginfo | <3.6.17-1.el6_0 | 3.6.17-1.el6_0 |
redhat/firefox-debuginfo | <3.6.17-1.el6_0 | 3.6.17-1.el6_0 |
redhat/xulrunner | <1.9.2.17-4.el6_0 | 1.9.2.17-4.el6_0 |
redhat/xulrunner-debuginfo | <1.9.2.17-4.el6_0 | 1.9.2.17-4.el6_0 |
redhat/xulrunner-debuginfo | <1.9.2.17-4.el6_0 | 1.9.2.17-4.el6_0 |
redhat/xulrunner-devel | <1.9.2.17-4.el6_0 | 1.9.2.17-4.el6_0 |
redhat/xulrunner-devel | <1.9.2.17-4.el6_0 | 1.9.2.17-4.el6_0 |
redhat/firefox | <3.6.17-1.el5_6 | 3.6.17-1.el5_6 |
redhat/xulrunner | <1.9.2.17-3.el5_6 | 1.9.2.17-3.el5_6 |
redhat/firefox | <3.6.17-1.el5_6 | 3.6.17-1.el5_6 |
redhat/xulrunner | <1.9.2.17-3.el5_6 | 1.9.2.17-3.el5_6 |
redhat/xulrunner-devel | <1.9.2.17-3.el5_6 | 1.9.2.17-3.el5_6 |
redhat/xulrunner-devel | <1.9.2.17-3.el5_6 | 1.9.2.17-3.el5_6 |
redhat/firefox | <3.6.17-2.el4 | 3.6.17-2.el4 |
redhat/firefox | <3.6.17-2.el4 | 3.6.17-2.el4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.