Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Public now via: [1] http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
Further issue(s) details from [1]:
==================================

* Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger reported memory safety problems that were fixed in Firefox 5 and Firefox 3.6.18
  References:
  - Memory safety bugs - Firefox 5, Firefox 3.6
    [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=642734,642338,639648,646662,645572,629858,626262,643051
  - CVE-2011-2374
    [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374

* Bas Schouten, Igor Bukanov, Jesse Ruderman, Bill McCloskey, Olli Pettay, Gary Kwong, Daniel Veditz and Marcia Knous reported memory safety problems that were fixed in Firefox 5 only.
  References:
  - Memory safety bugs - Firefox 5
    [4] https://bugzilla.mozilla.org/buglist.cgi?bug_id=648705,643927,654015,653238,653026,652401,643839,597162,648022
  - CVE-2011-2375
    [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375

* Luke Wagner and Gary Kwong reported memory safety problems that were fixed in Firefox 3.6 only.
  References:
  - Memory safety bugs - Firefox 3.6
    [6] https://bugzilla.mozilla.org/buglist.cgi?bug_id=650874,635235
  - CVE-2011-2376
    [7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376

* Rh0 reported a crash that affected Firefox 3.6 only
  References:
  - [8] https://bugzilla.mozilla.org/show_bug.cgi?id=651990
  - CVE-2011-2364
    [9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364

* secenv reported a crash that affected Firefox 3.6 only.
  References:
  - [10] https://bugzilla.mozilla.org/show_bug.cgi?id=655742
  - CVE-2011-2365
    [11] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365
This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2011:0887 https://rhn.redhat.com/errata/RHSA-2011-0887.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2011:0886 https://rhn.redhat.com/errata/RHSA-2011-0886.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
Via RHSA-2011:0888 https://rhn.redhat.com/errata/RHSA-2011-0888.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4
Via RHSA-2011:0885 https://rhn.redhat.com/errata/RHSA-2011-0885.html
MITRE assigned an additional CVE here:

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2605 to the following vulnerability:

Name: CVE-2011-2605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2605
Assigned: 20110630
Reference: http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=643051

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.