===========================================================================
AUSCERT Security Bulletin

ASB-2011.0083
Mozilla Firefox security update
28 September 2011

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Firefox 3.6.22 and prior
                      Firefox 6.0.2 and prior
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Confidential Data -- Remote with User Interaction
                      Denial of Service        -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Friday, October 28 2011

OVERVIEW

Mozilla has released an update to Firefox correcting several security
issues. [1][2]

IMPACT

* WebGL cross-domain image theft vulnerability [3]
* WebGL allows access to uninitialised graphics memory [4]
* A stack overflow occurs when loading some plugins [5]
* A crash can be caused by a textarea tag [6]

More information should be available soon. [7][8]

MITIGATION

It is recommended that users update to the latest version as soon as
possible.

REFERENCES

[1] Release Notes
    https://www.mozilla.org/en-US/firefox/7.0/releasenotes/

[2] Release Notes
    https://www.mozilla.org/en-US/firefox/3.6.23/releasenotes/

[3] Bug 655987
    https://bugzilla.mozilla.org/show_bug.cgi?id=655987

[4] Bug 659349
    https://bugzilla.mozilla.org/show_bug.cgi?id=659349

[5] Bug 664974
    https://bugzilla.mozilla.org/show_bug.cgi?id=664974

[6] Bug 669767
    https://bugzilla.mozilla.org/show_bug.cgi?id=669767

[7] Security Advisories for Firefox
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox7

[8] Security Advisories for Firefox 3.6
    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================