« Похакані сайти №326
Жовтневий вівторок патчів від Microsoft »

Численні уразливості в Mozilla Firefox, Thunderbird, Seamonkey

20:01 22.10.2016

Виявлені численні уразливості безпеки в Mozilla Firefox, Thunderbird, Seamonkey.

Уразливі продукти: Mozilla Firefox 47, Firefox ESR 45.2, Thunderbird 45.2, SeaMonkey 2.39.

Пошкодження пам’яті, переповнення буфера, вибивання, підробка адресного рядку, витік інформації, обхід обмежень.

  • MFSA-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (деталі)
  • MFSA-63 Favicon network connection can persist when page is closed (деталі)
  • MFSA-64 Buffer overflow rendering SVG with bidirectional content (деталі)
  • MFSA-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (деталі)
  • MFSA-66 Location bar spoofing via data URLs with malformed/invalid mediatypes (деталі)
  • MFSA-67 Stack underflow during 2D graphics rendering (деталі)
  • MFSA-68 Out-of-bounds read during XML parsing in Expat library (деталі)
  • MFSA-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter (деталі)
  • MFSA-70 Use-after-free when using alt key and toplevel menus (деталі)
  • MFSA-71 Crash in incremental garbage collection in JavaScript (деталі)
  • MFSA-72 Use-after-free in DTLS during WebRTC session shutdown (деталі)
  • MFSA-73 Use-after-free in service workers with nested sync events (деталі)
  • MFSA-74 Form input type change from password to text can store plain text password in session restore file (деталі)
  • MFSA-75 Integer overflow in WebSockets during data buffering (деталі)
  • MFSA-76 Scripts on marquee tag can execute in sandboxed iframes (деталі)
  • MFSA-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (деталі)
  • MFSA-78 Type confusion in display transformation (деталі)
  • MFSA-79 Use-after-free when applying SVG effects (деталі)
  • MFSA-80 Same-origin policy violation using local HTML file and saved shortcut file (деталі)
  • MFSA-81 Information disclosure and local file manipulation through drag and drop (деталі)
  • MFSA-82 Addressbar spoofing with right-to-left characters on Firefox for Android (деталі)
  • MFSA-83 Spoofing attack through text injection into internal error pages (деталі)
  • MFSA-84 Information disclosure through Resource Timing API during page navigation (деталі)

This entry was posted on 20:01 22.10.2016 and is filed under Новини, Помилки. You can follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply

You must be logged in to post a comment.