Mozilla Firefox

The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird
allows remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0,
does not properly handle a right-to-left override (aka RLO or U+202E)
Unicode character in a download filename, which allows remote attackers
to spoof file extensions via a crafted filename, as demonstrated by
displaying a non-executable extension for an executable file.

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox
before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows
remote attackers to execute arbitrary code via unspecified vectors.
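
For the right-to-left override filename issue described above, the following added example (not Mozilla's code and not part of the original advisory text) shows one way a download UI or mail gateway could flag and neutralize bidirectional control characters before a filename is displayed. The function names, the simplified rendering model and the sample filename are assumptions made for illustration.

```javascript
// Added example (not Mozilla's code): inspect a download filename for
// bidirectional control characters before showing it to the user.

// Embeddings/overrides U+202A-U+202E, isolates U+2066-U+2069, marks LRM/RLM/ALM.
const BIDI_CONTROLS = /[\u202A-\u202E\u2066-\u2069\u200E\u200F\u061C]/g;
const RLO = "\u202E";

// Extension after the last dot, lowercased; "" when there is none.
function extensionOf(name) {
  const dot = name.lastIndexOf(".");
  return dot > 0 ? name.slice(dot + 1).toLowerCase() : "";
}

// Simplified rendering model (assumption): one RLO in a left-to-right line,
// with the override running to the end of the string, so the tail is drawn
// reversed. This is not a full Unicode bidirectional algorithm (UAX #9).
function approximateDisplay(name) {
  const i = name.indexOf(RLO);
  if (i === -1) return name.replace(BIDI_CONTROLS, "");
  const head = name.slice(0, i).replace(BIDI_CONTROLS, "");
  const tail = name.slice(i + 1).replace(BIDI_CONTROLS, "");
  return head + Array.from(tail).reverse().join("");
}

function inspectDownloadName(name) {
  const found = name.match(BIDI_CONTROLS) || [];
  const safeName = name.replace(BIDI_CONTROLS, "");
  const actual = extensionOf(safeName);
  const shown = extensionOf(approximateDisplay(name));
  return {
    controls: found.map(
      (c) => "U+" + c.codePointAt(0).toString(16).toUpperCase().padStart(4, "0")
    ),
    safeName,                // name with bidi controls stripped, safe to display
    actualExtension: actual, // extension of the name in stored (logical) order
    shownExtension: shown,   // extension the user would appear to see
    spoofed: found.length > 0 && actual !== shown,
  };
}

// Constructed sample input, not taken from the advisory.
const sample = "invoice" + RLO + "fdp.exe";
console.log(inspectDownloadName(sample));
```

Displaying `safeName` instead of the raw string, or rejecting any name where `controls` is non-empty, removes the mismatch between the shown and the actual extension.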
