Mozilla Foundation Security Advisory 2011-19

Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

Announced
June 21, 2011
Reporter
Mozilla developers and community
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.6.18
  • Firefox 5
  • SeaMonkey 2.2
  • Thunderbird 3.1.11

Description

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

References

Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger reported memory safety problems that were fixed in clients based on mozilla5 and mozilla-1.9.2 (e.g. Firefox 5 and Firefox 3.6.18 respectively).

Bas Schouten, Igor Bukanov, Jesse Ruderman, Bill McCloskey, Olli Pettay, Gary Kwong, Daniel Veditz and Marcia Knous reported memory safety problems that were fixed in Firefox 5 and SeaMonkey 2.2. These vulnerabilities did not affect versions prior to Firefox 4 and SeaMonkey 2.1

Luke Wagner and Gary Kwong reported memory safety problems that were fixed in Firefox 3.6.18 and Thunderbird 3.1.11 and did not affect the JavaScript engine used in Firefox 4 and SeaMonkey 2.1.

Rh0 reported a crash that was fixed in the browser engine used by Firefox 3.6.18 and Thunderbird 3.1 and did not affect higher versions.

secenv reported a crash that was fixed in the browser engine used by Firefox 3.6.18 and Thunderbird 3.1.11 and did not affect higher versions.