Firefox Integer Overflow in XSLT Node Sorting
D-SWAT

TippingPoint's Zero Day Initiative reported an integer overflow vulnerability in an XSLT node sorting routine. XSL stands for Extensible Stylesheet Language, a style sheet language for XML documents; XSLT stands for XSL Transformations. The vulnerability allows attackers to execute arbitrary code.

"User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file," TippingPoint said. "The specific flaw exists within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. Upon usage of this buffer the application will copy more data than allocated thus causing an overflow. This can lead to code execution under the context of the application."

This vulnerability affects Firefox, Thunderbird and SeaMonkey.
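
The following is an added illustration of the bug class described above, not Mozilla's code: it assumes the buffer size is computed as element count times record size in 32-bit arithmetic, and shows the unchecked computation beside a checked one. `RECORD_SIZE`, the function names and the element count are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical size of one per-element sort record (illustration only). */
#define RECORD_SIZE 16u

/* Unchecked pattern: the byte count is computed in 32 bits, so a large
 * element count wraps around and yields a far smaller size than needed. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return (uint32_t)(count * RECORD_SIZE);
}

/* Checked pattern: refuse any count whose byte size cannot be represented.
 * Returns 1 and stores the size in *out on success, 0 on overflow. */
int checked_alloc_size(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / RECORD_SIZE)
        return 0;
    *out = count * RECORD_SIZE;
    return 1;
}

/* Allocate the sort buffer only when the size is known to be correct;
 * the caller must treat NULL as "abort the sort". */
void *alloc_sort_buffer(uint32_t count)
{
    uint32_t bytes;
    if (count == 0 || !checked_alloc_size(count, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t count = 0x10000001u; /* constructed element count */
    void *buf = alloc_sort_buffer(count);
    printf("elements: %u\n", (unsigned)count);
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(count));
    printf("checked allocation: %s\n", buf ? "allowed" : "rejected");
    free(buf);
    return 0;
}
```

With the unchecked computation, 268,435,457 records of 16 bytes wrap to a 16-byte request, which is the mismatch between allocated and copied data that the advisory describes.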

Workarounds:

Update applications to the following versions:
Firefox 3.6.4
Firefox 3.5.10
Thunderbird 3.0.5
SeaMonkey 2.0.5

References:

http://www.zerodayinitiative.com/advisories/ZDI-10-113/
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html



This information is from DrayTek Corp.


About DrayTek

DrayTek Corp., founded in 1997, is a global provider of comprehensive network security, remote access and VoIP solutions for residential/small office and Small and Medium Enterprise (SME) use. To meet the needs of customers for quality and cost-effectiveness, DrayTek, with technologies integrated with a real-time Anti-Virus/Anti-Intrusion system, VPN, VoIP and xDSL broadband access, has successfully delivered total network protection worldwide. For more information, please visit the company's website at http://www.draytek.com.

Press Contact:
DrayTek Marketing Dept.
press@draytek.com