Mozilla Firefox/Thunderbird Uninitialized Memory Locations Vulnerabilities
5 Oct. 2015
Summary
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an impact via a crafted ZIP archive.
Credit:
The information has been provided by Karthikeyan Bhargavan, Jonas Jenwald, David Parks, David Keeler, Ronald Crane, Looben Yan, Watson Ladd, Herre, Holger Fuhrmannek, Paul Bandha, Jann Horn and Mozilla Developers.
Vulnerable Systems:
* Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1
Mozilla Firefox and Thunderbird are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, to gain elevated privileges, to access sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks.