|
|
Log in / Subscribe / Register

MeeGo alert MeeGo-SA-10:24 (firefox)



From:
    	      "Ware, Ryan R" <ryan.r.ware@intel.com> 


To:
    	      "meego-security@meego.com" <meego-security@meego.com> 


Subject:
    	      [MeeGo-security] [MeeGo-SA-10:24.firefox] Improper Memory Handling
	Allows DoS 


Date:
    	      Tue, 18 Jan 2011 20:53:31 -0700


Message-ID:
    	      <2A5B01C8-52F6-4AC8-BF1E-D4542A4594A0@intel.com>



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:24.firefox				            Security Advisory
                                                                MeeGo Project

Topic:          Improper Memory Handling Allows DoS

Category:       Browser
Module:         firefox
Announced:      September 3, 2010
Affects:        MeeGo 1.0
Corrected:      September 3, 2010
MeeGo BID:	4998
CVE:		CVE-2010-2755

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance and portability.

II.  Problem Description

CVE-2010-2755: layout/generic/nsObjectFrame.cpp in Mozilla Firefox
3.6.7 does not properly free memory in the parameter array of a plugin
instance, which allows remote attackers to cause a denial of service
(memory corruption) or possibly execute arbitrary code via a crafted
HTML document, related to the DATA and SRC attributes of an OBJECT
element. NOTE: this vulnerability exists because of an incorrect fix
for CVE-2010-1214.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

III. Impact

CVE-2010-2898: Unauthorized disclosure of information due to resource
management errors (CWE-399)

IV.  Workaround

None

V.   Solution

Update to package firefox-3.6.8-5.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=4998
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/399.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)

iQEcBAEBAgAGBQJNNlrdAAoJEEsJm1wYvCMbOkwH/Ro8bnSrBZ4ii8q5D/i+fNU6
+3jGvIp0MQtQMAZOvEZqQe/0/ne0aPAe4OKwjJa1Uu7t621ReVkSxIeJDoiPRSo8
Z/tXaliP3+/7+1e0oWJhPwDIiSQOVIkgyuRJA6fUkRTLhRG3wWkpHKA1ZrUn4YaX
gZJGH65dIVoq5/wGD0d1NT+auC25/oeFy7/5ze6BnpqTMAtlBo6Z6QHuiTfptqqJ
CtW/gup4Y/hFhLMzpvUhOL7gsezz5vEV02nw9CSQ3IiBJM+/jKdTeLA1kHEXwyGo
dCtf1eCk/EktB2bg70v6v8x6rojX0qsOJ+pWBuZAFHqVORUTNdpNgChvUF2IXvM=
=c/P9
-----END PGP SIGNATURE-----

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds