![]() bug 887334 NOT VERIFIED: GC hazard with default compartments and frame chain restoration.bug 888820 VERIFIED: Crash in nsHtml5TreeBuilder.bug 633001 VERIFIED: SSL cannot set exceptions on IPv6 addresses.the prefs used in the test cases aren't the correct ones these are the correct prefs: "security.mixed_content.block_active_content" and "security.mixed_content.block_display_content".the behavior explained in bug 906190 is encountered.on Win 8 32bit, Ubuntu 32bit and Mac OS X 10.7.5: "Display embedded PDF" test fails, because the PDF embedded with the object tag isn't displayed known issue: see bug 738967.on Win 8 32bit, Ubuntu 32bit and Mac OS X 10.7.5: regarding "View and dismiss Sync discovery notifications" test -> there is no "browser.syncPromoViewsLeft" option in "about:config".Pave-over install of FF24esr over FF17esr.Run the Firefox ESR 24 Smoketests in MozTrap and report the results below. (CVE-2014-1514) Solution Upgrade to Firefox ESR 24.4 or later.The following are the detailed results of the automated Mozmill test runs. (CVE-2014-1513) - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1512) - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution. (CVE-2014-1511) - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution. (CVE-2014-1510) - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1505) - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution. (CVE-2014-1509) - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks. (CVE-2014-1508) - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack. (CVE-2014-1497) - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1496) - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1495) - An issue exists where extracted files for updates are not read-only while updating. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2014-1493, CVE-2014-1494) - A flaw exists in the checkHandshake() function due to improper validation of user-supplied input. It is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. Description The installed version of Firefox ESR 24.x is a version prior to 24.4. Synopsis The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |