TITLE:
Mozilla Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA35914

VERIFY ADVISORY:
http://secunia.com/advisories/35914/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to conduct cross-site scripting
attacks or compromise a user's system.

1) Multiple errors in the browser engine can be exploited to corrupt
memory and potentially execute arbitrary code.

2) An integer overflow error in a base64 decoding function can be
exploited to corrupt memory and potentially execute arbitrary code.

3) An error in the handling of multiple RDF files in a XUL tree
element can be exploited to corrupt memory and potentially execute
arbitrary code.

4) An error exists in the construction of documents, which can result
in double copies of certain elements within this document.

5) An error in the handling of frames can be exploited to cause a
memory corruption and potentially execute arbitrary code.

6) Multiple errors in the JavaScript engine can be exploited to
corrupt memory and potentially execute arbitrary code.

7) An error in the handling of Flash objects when navigating to
another page can potentially be exploited to trigger a call to a
deleted object and potentially execute arbitrary code.

8) Multiple vulnerabilities in various font glyph rendering libraries
can be exploited by malicious people to compromise a user's system.

For more information:
SA35021

9) An error in the handling of SVG elements on which a watch function
and __defineSetter__ function have been set for a certain property can
be exploited to cause a memory corruption and execute arbitrary code.

10) An error when setTimeout() is invoked with certain object
parameters can result in the object losing its wrapper. This can
potentially be exploited to execute arbitrary JavaScript code with
chrome privileges.

11) Various errors in the handling of wrappers for objects can
potentially be exploited to access properties of such objects that
have been set by a different site and e.g. conduct cross-site
scripting attacks.
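
Item 2 names a bug class without showing code. As an added illustration (not Mozilla's or Secunia's code; all function names are hypothetical, and the 32-bit multiply-before-divide length calculation is an assumed instance of the class), the block below puts a wrapping decoded-length computation beside an overflow-free one and a decoder that checks the destination capacity before writing:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Weak form (assumed instance of the bug class): the multiply is done in
 * 32 bits and wraps once srclen > UINT32_MAX / 3, so the computed length
 * can be smaller than the data a decoder will write. */
uint32_t decoded_len_unchecked(uint32_t srclen) {
    return (srclen * 3u) / 4u;
}

/* Hardened form: divide before multiplying, so no intermediate value
 * can exceed the 32-bit range. Equals floor(3 * srclen / 4). */
uint32_t decoded_len_safe(uint32_t srclen) {
    return (srclen / 4u) * 3u + ((srclen % 4u) * 3u) / 4u;
}

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_value(unsigned char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Hypothetical decoder: writes to dst only after proving the output fits.
 * Returns the number of bytes written, or -1 on bad input or small buffer. */
long b64_decode(const char *src, uint32_t srclen, uint8_t *dst, size_t dstcap) {
    /* Drop at most two trailing '=' padding characters. */
    for (int k = 0; k < 2 && srclen > 0 && src[srclen - 1] == '='; k++)
        srclen--;
    if (srclen % 4u == 1u || decoded_len_safe(srclen) > dstcap)
        return -1;
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (uint32_t i = 0; i < srclen; i++) {
        int v = b64_value((unsigned char)src[i]);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            dst[n++] = (uint8_t)(acc >> bits);
        }
    }
    return (long)n;
}
```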

SOLUTION:
Update to version 3.0.12.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay, and
Blake Kaplan
2) monarch2020
3) Christophe Charron
4) Yongqian Li
5) John Senchak
6) Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten
Book
7) Attila Suszter
8) Will Drewry
9) PenPal
10) Blake Kaplan
11) moz_bug_r_a4

ORIGINAL ADVISORY:
Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
http://www.mozilla.org/security/announce/2009/mfsa2009-40.html

OTHER REFERENCES:
SA35021:
http://secunia.com/advisories/35021/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------