Mozilla Foundation Security Advisory 2011-19

Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

Announced

June 21, 2011

Reporter

Mozilla developers and community

Impact

Critical

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

• Firefox 3.6.18
• Firefox 5
• SeaMonkey 2.2
• Thunderbird 3.1.11

Description

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

References

Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger reported memory safety problems that were fixed in clients based on mozilla5 and mozilla-1.9.2 (e.g. Firefox 5 and Firefox 3.6.18 respectively).

• Memory safety bugs - Firefox 5, Firefox 3.6
• CVE-2011-2374

Bas Schouten, Igor Bukanov, Jesse Ruderman, Bill McCloskey, Olli Pettay, Gary Kwong, Daniel Veditz and Marcia Knous reported memory safety problems that were fixed in Firefox 5 and SeaMonkey 2.2. These vulnerabilities did not affect versions prior to Firefox 4 and SeaMonkey 2.1

• Memory safety bugs - Firefox 5
• CVE-2011-2375

Luke Wagner and Gary Kwong reported memory safety problems that were fixed in Firefox 3.6.18 and Thunderbird 3.1.11 and did not affect the JavaScript engine used in Firefox 4 and SeaMonkey 2.1.

• Memory safety bugs - Firefox 3.6
• CVE-2011-2376

Rh0 reported a crash that was fixed in the browser engine used by Firefox 3.6.18 and Thunderbird 3.1 and did not affect higher versions.

• https://bugzilla.mozilla.org/show_bug.cgi?id=651990
• CVE-2011-2364

secenv reported a crash that was fixed in the browser engine used by Firefox 3.6.18 and Thunderbird 3.1.11 and did not affect higher versions.

• https://bugzilla.mozilla.org/show_bug.cgi?id=655742
• CVE-2011-2365