(CVE-2013-1726) - Calling scope for new Javascript objects with compartments can lead to memory corruption (CVE-2013-1725) - A use-after-free vulnerability via the element could lead to a potentially exploitable crash (CVE-2013-1724) - the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners, which can lead to an unexploitable crash (CVE-2013-1723) - Use-after-free in Animation Manager during stylesheet cloning can lead to a potentially exploitable crash (CVE-2013-1722) - Incorrectly stored stack information in the HTML5 Tree Builder can lead to code execution (CVE-2013-1720) - Various memory corruption vulnerabilities (CVE-2013-1735, CVE-2013-1736, CVE-2013-1718, CVE-2013-1719) Solution Upgrade to Firefox ESR version 17.0.9 or later. Versions of Mozilla Firefox ESR prior to version 17.0.10. Solution Upgrade to Firefox ESR 17.0.11 or later.
FIREFOX ESR 17.0 UPDATE
(CVE-2013-1732) - Compartment mismatch when moving XBL-backed nodes into a new document can lead cause a crash (CVE-2013-1730) - uninitialized data and variables in the IonMonkey Javascript engine can be used with additional exploits to allow access to previously allocated memory (CVE-2013-1728) - the MAR update file is not write-locked when used by the Mozilla Updater, which can allow the altering of the MAR file content after its signature has been checked but before it has been used. The remote host has a web browser installed that is vulnerable to multiple attack vectors. The installed version of Firefox ESR is a version prior to 17.0.11 and is, therefore, potentially affected by a code execution vulnerability related to the function 'NullCipher' in the file 'ssl/ssl3con.c' and handling handshake packets. (CVE-2013-1737) - Combining lists, floats, and multiple columns in a layout could trigger a potentially exploitable buffer overflow. As always, you re encouraged to tell us what you think, or file a bug in Bugzilla. (CVE-2013-1738) - user-defined getters on DOM proxies would incorrectly get the expando object when accessing the "this" object, which may not be directly exploitable but could lead to incorrect security sensitive decisions. Firefox ESR 17.0.7 Notes - Desktop Mozilla Firefox mozilla Desktop Mobile Releases Add-ons Support About Notes (First offered to Firefox ESR users on June 25, 2013) Check out 'What s New' for this version of Firefox ESR below. Adobe is gradually preparing for the end of its Flash program planned for 2020.
Firefox ESR is intended for system administrators who deploy and maintain the desktop environment in organizations such as schools, governments and businesses. Description Versions of Mozilla Firefox ESR prior to 17.0.9 are prone to the following vulnerabilities : - use-after-free vulnerability in the Garbage Collector could allow a remote attacker to execute arbitrary code in the context of the user. Firefox 31.8.0 ESR Firefox 24.8.1 ESR Firefox 17.0.11 ESR. Synopsis The remote host is utilizing a web browser that is affected by multiple attack vectors. I use Firefox and found this is the list of supported browsers for DASH/TCR Microsoft Internet Explorer 9.0 and future fix packs Microsoft Internet Explorer 8.
0 kommentar(er)
