Users of ZDI, please be advised that a Mozilla Firefox Remote Code Execution Vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
ZDI-10-132: Mozilla Firefox Remote Code Execution Vulnerability
Mozilla Firefox Plugin Parameter
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within the browser's method for parsing child
elements out of a particular tag. The application will use a 32-bit
index to enumerate them, but will store it in a 16-bit signed integer
and then use it to allocate space for a cache. When populating the
cache a buffer overflow will occur. This can lead to code execution
under the context of the application.
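
The bug class described above, as an added illustration that is not Mozilla's code and not part of the advisory: a 32-bit count narrowed to a signed 16-bit value before sizing a cache, next to a hardened allocate-and-populate pair. The names `param_cache`, `flawed_capacity`, `cache_init`, `cache_put` and the `max_children` limit are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cache of child-element parameters (all names are assumptions). */
typedef struct {
    const char **items;
    size_t capacity;
} param_cache;

/* Flawed pattern: the 32-bit child count is narrowed to a signed 16-bit
 * value before it sizes the cache. Returns the capacity that results. */
size_t flawed_capacity(uint32_t child_count)
{
    uint16_t low = (uint16_t)child_count;   /* only the low 16 bits survive */
    int narrowed = low >= 0x8000 ? (int)low - 0x10000 : (int)low;
    return narrowed > 0 ? (size_t)narrowed : 0;
}

/* Hardened: keep the count at full width and reject it above a sane limit.
 * calloc() itself fails if count * element size would overflow. */
int cache_init(param_cache *c, uint32_t child_count, uint32_t max_children)
{
    c->items = NULL;
    c->capacity = 0;
    if (child_count == 0 || child_count > max_children)
        return -1;
    c->items = calloc(child_count, sizeof *c->items);
    if (c->items == NULL)
        return -1;
    c->capacity = child_count;
    return 0;
}

/* Populate step: every write is bounded by the allocated capacity. */
int cache_put(param_cache *c, size_t idx, const char *value)
{
    if (idx >= c->capacity)
        return -1;
    c->items[idx] = value;
    return 0;
}

int main(void)
{
    /* Constructed input: 65537 children would get a 1-slot cache when narrowed. */
    printf("flawed capacity for 65537: %zu\n", flawed_capacity(65537u));
    return 0;
}
```

The mismatch between the narrowed capacity and the full-width loop bound is what makes the populate step write past the allocation; bounding writes by `capacity` rather than by the source count removes that dependency.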