If you have licensed a Flexera product that has provided access to Secunia Advisories, all use of Secunia Advisories is subject to your license agreement with Flexera. If you have not licensed a Flexera product that provides access to Secunia Advisories:
a) All use of Secunia Advisories is for non-commercial use only.
b) For further information, see the End User License Agreement or contact us.

If you are an IT security professional, request a free trial of Software Vulnerability Manager.

 
Highly critical

Mozilla Firefox Multiple Vulnerabilities

-

Release Date:  2010-05-27    Last Update:  2010-08-03    Views:  29,100

Secunia Advisory SA39925

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of Vulnerability Intelligence Manager.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of Vulnerability Intelligence Manager.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of Vulnerability Intelligence Manager.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of Vulnerability Intelligence Manager.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of Vulnerability Intelligence Manager.

Description


Some weaknesses and vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, potentially conduct cross-site scripting attacks, bypass certain security restrictions, conduct spoofing attacks, and compromise a user's system


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of Vulnerability Intelligence Manager.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Mozilla Firefox Multiple Vulnerabilities

User Message
Jesant13 RE: Mozilla Firefox Error Handling Information Disclosure Vulnerability
Member 4th Jun, 2010 18:44
Score: -3
Posts: 41
User Since: 10th Sep 2009
System Score: N/A
Location: US
Last edited on 4th Jun, 2010 18:44
I went to Mozilla's Bugzilla to report this vulnerability to them and discovered that somebody already has and that someone is working on it: https://bugzilla.mozilla.org/show_bug.cgi?id=56856...
Was this reply relevant?
+4
-0

motty

RE: Mozilla Firefox Error Handling Information Disclosure Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.
TenorBrian RE: Mozilla Firefox Error Handling Information Disclosure Vulnerability
Member 24th Jun, 2010 22:41
Score: 0
Posts: 1
User Since: 12th Jan 2010
System Score: N/A
Location: US
Last edited on 24th Jun, 2010 22:44
Firefox just released 3.6.4....since this vulnerability has been out for awhile, I would have thought they'd have fixed it already. When I look at Firefox in the PSI "patched" section, it sees version 3.6.4, and shows that this patched a Cat 4 vulnerability, but all that was showing before was a Cat 2. Is Secunia sure this hasn't been patched?
Was this reply relevant?
+0
-0
Anthony Wells RE: Mozilla Firefox Error Handling Information Disclosure Vulnerability
Expert Contributor 25th Jun, 2010 00:21
Score: 2542
Posts: 3,402
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Jun, 2010 00:31
@TenorBrian ,

As a new poster to the Community Forum , let me advise you that the threads in this , the "vulnerabilities" sub-forum , are reserved for technical commentary on the Secunia Advisory itself ; in this case your comments/questions are not relevant to the actual technicalities of SA39925 .

I would suggest you repost your question by "creating" your own thread in either the "Program" or "PSI" sub-forum in the Community Forum - see the left hand column on this web page ; this thread already deals with some of your points :-

http://secunia.com/community/forum/thread/show/459...

Take care
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

-

You must be logged in to post a comment.