Bug 714581 (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)
Summary: | CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | | |
Version: | unspecified | CC: | casmls, ddumas, gecko-bugs-nobody, jlieskov, security-response-team, stransky |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-04-12 16:10:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Huzaifa S. Sidhpurwala
2011-06-20 07:05:12 UTC
Public now via:
[1] http://www.mozilla.org/security/announce/2011/mfsa2011-23.html

Further flaws description (from [1]):
=====================================
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. If a user-supplied callback deleted such an object, the element-modifying code could wind up accessing deleted memory and potentially executing attacker-controlled memory.

regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. This could result in the execution of deleted memory which an attacker could use to run arbitrary code on a victim's computer.

Firefox 4 and newer products were not affected by these issues.

This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2011:0887 https://rhn.redhat.com/errata/RHSA-2011-0887.html

This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0886 https://rhn.redhat.com/errata/RHSA-2011-0886.html

This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Via RHSA-2011:0888 https://rhn.redhat.com/errata/RHSA-2011-0888.html

This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 4
Via RHSA-2011:0885 https://rhn.redhat.com/errata/RHSA-2011-0885.html
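
A minimal C++ model of the pattern the advisory text above describes, where list-modifying code runs a user-supplied callback before it touches an element. This is an added illustration, not Mozilla's code or the actual fix; `Item`, `ItemList`, `onBeforeChange` and `rename` are hypothetical names, and the hardening shown (pin the object, then re-validate membership) is one common mitigation assumed here.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a list element; not a Mozilla type.
struct Item { std::string name; };

struct ItemList {
    std::vector<std::shared_ptr<Item>> items;
    // User-supplied hook, run before an item is modified. It may mutate `items`.
    std::function<void(ItemList&)> onBeforeChange;

    // Fragile shape (comment only, for contrast): the raw pointer is taken
    // before the callback, so a callback that empties the list leaves it
    // dangling and the write lands in freed memory.
    //   Item* raw = items[i].get(); onBeforeChange(*this); raw->name = v;

    // Hardened shape: hold a strong reference across the callback, then
    // confirm the item is still a member of the list before writing to it.
    bool rename(std::size_t i, const std::string& v) {
        if (i >= items.size()) return false;
        std::shared_ptr<Item> pinned = items[i];    // keeps the object alive
        if (onBeforeChange) onBeforeChange(*this);  // may clear or reorder
        if (std::find(items.begin(), items.end(), pinned) == items.end())
            return false;                           // removed by the callback
        pinned->name = v;
        return true;
    }
};

// Constructed scenario: the callback clears the list during the update.
bool rename_refused_after_clearing_callback() {
    ItemList l;
    l.items.push_back(std::make_shared<Item>(Item{"a"}));
    l.onBeforeChange = [](ItemList& self) { self.items.clear(); };
    return !l.rename(0, "b") && l.items.empty();
}

// Constructed scenario: a callback that leaves the list alone.
bool rename_applied_when_list_untouched() {
    ItemList l;
    l.items.push_back(std::make_shared<Item>(Item{"a"}));
    l.onBeforeChange = [](ItemList&) {};
    return l.rename(0, "b") && l.items[0]->name == "b";
}
```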