Bug 714581 (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363) - CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)
Summary: CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer v...
Status: CLOSED ERRATA
Alias: CVE-2011-0083, CVE-2011-0085, CVE-2011-2363
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110621,reported=20110618,sou...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-06-20 07:05 UTC by Huzaifa S. Sidhpurwala
Modified: 2013-04-12 16:10 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-04-12 16:10:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0885 normal SHIPPED_LIVE Critical: firefox security and bug fix update 2011-06-21 22:50:32 UTC
Red Hat Product Errata RHSA-2011:0886 normal SHIPPED_LIVE Critical: thunderbird security update 2011-06-21 22:39:08 UTC
Red Hat Product Errata RHSA-2011:0887 normal SHIPPED_LIVE Critical: thunderbird security update 2011-06-21 22:28:35 UTC
Red Hat Product Errata RHSA-2011:0888 normal SHIPPED_LIVE Critical: seamonkey security update 2011-06-21 22:50:01 UTC

Description Huzaifa S. Sidhpurwala 2011-06-20 07:05:12 UTC
Multiple dangling pointer vulnerabilities were reported by regenrecht via
TippingPoint's Zero Day Initiative.
 
Firefox 4 and newer products were not affected by these issues.

Comment 1 Jan Lieskovsky 2011-06-21 12:37:50 UTC
Public now via:
[1] http://www.mozilla.org/security/announce/2011/mfsa2011-23.html

Comment 2 Jan Lieskovsky 2011-06-21 12:39:35 UTC
Further flaws description (from [1]):
=====================================

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative
two instances of code which modifies SVG element lists failed to account for
changes made to the list by user-supplied callbacks before accessing list
elements. If a user-supplied callback deleted such an object, the element-
modifying code could wind up accessing deleted memory and potentially executing
attacker-controlled memory.

regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL
document could force the nsXULCommandDispatcher to remove all command updaters
from the queue, including the one currently in use. This could result in the
execution of deleted memory which an attacker could use to run arbitrary code
on a victim's computer.

Firefox 4 and newer products were not affected by these issues.

Comment 3 errata-xmlrpc 2011-06-21 22:28:51 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2011:0887 https://rhn.redhat.com/errata/RHSA-2011-0887.html

Comment 4 errata-xmlrpc 2011-06-21 22:39:18 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0886 https://rhn.redhat.com/errata/RHSA-2011-0886.html

Comment 5 errata-xmlrpc 2011-06-21 22:50:19 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2011:0888 https://rhn.redhat.com/errata/RHSA-2011-0888.html

Comment 6 errata-xmlrpc 2011-06-21 22:50:50 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4

Via RHSA-2011:0885 https://rhn.redhat.com/errata/RHSA-2011-0885.html


Note You need to log in before you can comment on or make changes to this bug.