MAAS History
Archives
« Mail Service Update 1.0 for Snow Leopard Server v10.6.2 | Main | New Acrobat 9.2 and Acrobat Reader Vulnerability in the Wild »
Wednesday
Dec162009

Firefox 3.5.6 Update Released

DateWednesday, December 16, 2009 at 09:33AM

Mozilla has released Firefox which address several security flaws, three of which are critical. Two are related to specific media, there was an integer overflow crash flaw in the libheora video library. They also fixed liboggplay media library, it now implements memory safe calls. Memory corruption was causing a crash of the application leaving a finger print within memory. It was possible to execute malicious code. 

Other fixes includes the following:

 

  • MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
  • MFSA 2009-70 Privilege escalation via chrome window.opener
  • MFSA 2009-69 Location bar spoofing vulnerabilities
  • MFSA 2009-68 NTLM reflection vulnerability
  • MFSA 2009-67 Integer overflow, crash in libtheora video library
  • MFSA 2009-66 Memory safety fixes in liboggplay media library
  • MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)

 

AuthordrStrangeP0rk | CommentPost a Comment | Reference2 References |
in , ,

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (2)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Member Account Required
You must have a member account on this website in order to post comments. Log in to your account to enable posting.