OSVDB ID: 55145

Title: Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEditable Property Manipulation Memory Corruption

Info

Disclosure

Jun 12, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Local / Remote
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to Firefox 3.0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1022376
CVE ID: 2009-1392 (see also: NVD)
Bugtraq ID: 35326
Secunia Advisory ID: 35331 35415 35428 35431 35439 35440 35446 35468 35490 35536 35561 35577 35587 35602 35759 36340 51766
Related OSVDB ID: 55138 55139 55140 55141 55142 55143 55144 55146 55147 55148 55152 55157 55158 55159 55160 55161 55162 55163 55164
Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2009/msg00132.html
http://lists.debian.org/debian-security-announce/2009/msg00143.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
https://bugzilla.mozilla.org/buglist.cgi?bug_id=380359,472776,490410,429969,490513,432068,486398,489041,431086,490425,451341
https://bugzilla.mozilla.org/show_bug.cgi?id=431086
https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-June/000924.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00605.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00569.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00570.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00640.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00642.html
RedHat RHSA: http://rhn.redhat.com/errata/RHSA-2009-1096.html
http://rhn.redhat.com/errata/RHSA-2009-1125.html
http://rhn.redhat.com/errata/RHSA-2009-1126.html
https://rhn.redhat.com/errata/RHSA-2009-1095.html
RHSA-2009:1095 RHSA-2009:1096
Vendor Specific Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265068-1
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.novell.com/linux/security/advisories/2009_34_firefox.html
Other Advisory URL: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://www.vupen.com/english/advisories/2009/1572

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/55145