Saturday, January 5, 2008

Opera and Firefox Web Browsers Multiple Security Vulnerabilities

Opera Security Vulnerabilities:

Opera Web Browser is prone to multiple security vulnerabilities, including remote code-execution, information-disclosure, and cross-domain scripting issues.
Attackers can exploit these issues to execute remote code and obtain sensitive information in the context of the affected application. Attackers may be able to exploit some of the issues to carry out cross-domain scripting attacks.These issues affect versions prior to Opera 9.25.

Mozilla Firefox Security Vulnerabilities:

1. Mozilla Firefox Jar URI Cross-Site Scripting Vulnerability :

Mozilla Firefox is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.

2. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness :

Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to spoof HTTP Referer headers. This issue stems from a race condition in the affected application. The weakness arises because of a small timing difference when using a modal 'alert()' dialog, which allows users to generate fake HTTP Referer headers.
An attacker can exploit this issue to spoof HTTP referer headers. This may cause other security mechanisms that rely on this data to fail or to return misleading information.This issue affects versions prior to Mozilla FireFox 2.0.0.10 and Mozilla SeaMonkey 1.1.7.

3. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities :

The Mozilla Foundation has released a security advisory disclosing three unspecified memory-corruption vulnerabilities.
Successfully exploiting these issues may allow attackers to execute code, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application.Versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7 are vulnerable to these issues.

source:windows-center.blogspot.com
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)