Mozilla firefox 497/5/2023 ![]() The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. This vulnerability affects Firefox tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. Other operating systems are not affected.*. This vulnerability affects Firefox *Note: These attacks requires local system access and only affects Windows. This vulnerability affects Firefox = 4.2.4 and *Note: This attack requires local system access and only affects Windows. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2.
0 Comments
Leave a Reply. |