Sunday, July 25, 2010

Mozilla Firefox : Mozilla Firefox CSS font-face Remote Code Execution Vulnerability

Users of Mozilla Firefox, please be advised that a Mozilla Firefox CSS font-face Remote Code Execution Vulnerability has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within handling of references to external font resources. A value is used as a 16 bit integer in an array allocation and later as 32 bit when iterating over and then populating these fields. By creating enough references, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

Read more at www.criticalwatch.com
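The width mismatch the advisory describes, as an added C illustration (not Firefox's code and not part of the advisory): the first two functions show how a count narrowed to 16 bits for allocation diverges from the 32-bit loop bound, and `font_refs_create` is a hardened form. All names and the `MAX_FONT_REFS` limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record type; stands in for one external font reference. */
typedef struct { uint32_t id; } font_ref;

/* Flawed pattern: the count is narrowed to 16 bits for the allocation.
 * Returns how many entries the array would actually hold. */
static size_t entries_allocated_narrow(uint32_t count) {
    uint16_t narrow = (uint16_t)count;   /* 65540 becomes 4 */
    return narrow;
}

/* Entries a 32-bit populate loop would write beyond that array. */
static size_t entries_out_of_bounds(uint32_t count) {
    size_t have = entries_allocated_narrow(count);
    return count > have ? (size_t)count - have : 0;
}

/* Hardened form: one width for allocation and iteration, an explicit
 * upper bound, and calloc's own multiplication overflow check.
 * Returns NULL for a rejected count or a failed allocation. */
#define MAX_FONT_REFS 4096u   /* constructed limit for this example */

static font_ref *font_refs_create(uint32_t count, uint32_t *out_count) {
    if (count == 0 || count > MAX_FONT_REFS)
        return NULL;
    font_ref *refs = calloc(count, sizeof *refs);
    if (refs == NULL)
        return NULL;
    for (uint32_t i = 0; i < count; i++)  /* same bound as the allocation */
        refs[i].id = i;
    *out_count = count;
    return refs;
}

int main(void) {
    uint32_t n = 0;
    font_ref *ok = font_refs_create(16, &n);
    int rc = (ok != NULL && n == 16 &&
              font_refs_create(65540u, &n) == NULL &&
              entries_out_of_bounds(65540u) == 65536u) ? 0 : 1;
    free(ok);
    return rc;
}
```

In code review, the same defect shows up as a narrowing cast or a narrower field type on a size that is later compared against the original wider value; compiling with `-Wconversion` flags implicit narrowings of this kind.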
 
