DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Mozilla
Firefox, which can be exploited by malicious people to disclose
potentially sensitive information, conduct spoofing attacks, bypass
certain security restrictions, and compromise a user’s system.
1) Some unspecified errors can be exploited to cause memory
corruption. No further information is currently available.
2) Some more unspecified errors can be exploited to cause memory
corruption. No further information is currently available.
3) An out-of-bounds read error in the
“mozilla::image::RasterImage::DrawFrameTo()” function when rendering
GIF images can potentially be exploited to display otherwise
inaccessible data.
4) An unspecified error when handling a WebIDL object can be
exploited to wrap an already wrapped WebIDL object and overwrite the
wrapped state.
5) An unspecified error can be exploited to bypass certain
protections in Chrome Object Wrappers (COW) and System Only Wrappers
(SOW) and subsequently to leak certain information or execute
arbitrary code.
6) A use-after-free error exists in the
“nsImageLoadingContent::OnStopContainer()” function when executing
content script.
7) An error when displaying the content of a 407 response of a proxy
can be exploited to spoof an HTTP or HTTPS URL displayed in the
address bar.
8) A use-after-free error exists in the
“nsOverflowContinuationTracker::Finish()” function.
9) An unspecified error in the
“nsSaveAsCharset::DoCharsetConversion()” function can be exploited to
cause a heap-based buffer overflow.
10) A use-after-free error exists in the
“nsDisplayBoxShadowOuter::Paint()” function.
11) An out-of-bounds read error exists in the
“ClusterIterator::NextCluster()” function.
12) An out-of-bounds read error exists in the
“nsCodingStateMachine::NextState()” function.
13) A use-after-free error exists in the
“nsPrintEngine::CommonPrint()” function.
Successful exploitation of the vulnerabilities #1, #2, #4 through #6,
and #8 through #13 may allow the execution of arbitrary code.
SOLUTION:
Upgrade to version 19.