Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

firefox vulnerabilities

Related Vulnerabilities: CVE-2013-0801   CVE-2013-1669   CVE-2013-1670   CVE-2013-1671   CVE-2013-1674   CVE-2013-1675   CVE-2013-1676   CVE-2013-1677   CVE-2013-1678   CVE-2013-1679   CVE-2013-1680   CVE-2013-1681  

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669)

Source

14 May 2013

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description

  • firefox - Mozilla Open Source web browser

Details

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669)

Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670)

It was discovered that the file input element could expose the full local path under certain conditions. An attacker could potentially exploit this to steal sensitive information. (CVE-2013-1671)

A use-after-free was discovered when resizing video content whilst it is playing. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-1674)

It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675)

Abhishek Arya discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04
firefox - 21.0+build2-0ubuntu0.13.04.2
Ubuntu 12.10
firefox - 21.0+build2-0ubuntu0.12.10.2
Ubuntu 12.04 LTS
firefox - 21.0+build2-0ubuntu0.12.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started