MA-159.042009: MyCERT Alert - Mozilla Firefox "nsTextFrame::ClearTextRun()" Memory Corruption Vulnerabilities

Initial Release: 30 April 2009

1.0 Introduction

MyCERT has obtained information regarding a vulnerability found in Mozilla Firefox products. This vulnerability allows a remote attacker to perform remote code execution through the nsTextFrame::ClearTextRun() function and take control of the affected system.

2.0 Impact

An attacker who successfully exploits this vulnerability can execute arbitrary script code and gain the same privileges as the user or obtain sensitive information.

3.0 Affected Product

The vulnerable product and version is as below:

4.0 Recommendation

Users are recommended to upgrade to Mozilla Firefox 3.0.10. The latest version of Mozilla Firefox can be downloaded from this URL:

http://www.mozilla.com/firefox/

MyCERT can be reached at:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

5.0 References

i. http://secunia.com/advisories/34866/
ii. https://bugzilla.mozilla.org/show_bug.cgi?id=489647
iii. http://www.mozilla.org/security/announce/2009/mfsa2009-23.html