<< Previous Next >>
Firefox
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-044
July 17, 2008
-- CVE ID:
CVE-2008-2785
-- Affected Vendors:
Mozilla Firefox
Problem Description:
Multiple vulnerabilities has been found and corrected in
mozilla-thunderbird:
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11
and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress
a script's URL in certain circumstances involving a redirect and an
error message, which allows remote attackers to obtain sensitive
information about script parameters via a crafted HTML document,
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
Date: December 29, 2007
Bugs: #198965, #200909
ID: 200712-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox, SeaMonkey, XULRunner: Multiple
vulnerabilities
Date: November 12, 2007
Bugs: #196480
ID: 200711-14
Affected: 2011.
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in mozilla firefox and
thunderbird:
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and
SeaMonkey 2.5 does not properly interact with DOMAttrModified event
handlers, which allows remote attackers to cause a denial of service
ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-013
March 5, 2009
-- CVE ID:
CVE-2009-0775
-- Affected Vendors:
Mozilla Firefox
Hello Bugtraq!
I want to warn you about Denial of Service vulnerability in Mozilla Firefox,
Internet Explorer and Chrome.
At the end of December DoS vulnerability in Mozilla Firefox 3.0.5 was found
by Jeremy Brown (http://websecurity.com.ua/2755/). After I checked at
23.12.2008 this vulnerability in different browsers (and also yesterday in
new version of Firefox), I found that this Denial of Service vulnerability
also exists in Firefox 3.0.13, Internet Explorer 6 and Chrome 1.0.154.48.
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-063
April 5, 2010
-- CVE ID:
CVE-2010-1121
-- Affected Vendors:
Mozilla Firefox
ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-113
June 23, 2010
-- CVE ID:
CVE-2010-1199
-- Affected Vendors:
Mozilla Firefox
ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-048
April 2, 2010
-- CVE ID:
CVE-2010-0176
-- Affected Vendors:
Mozilla Firefox
ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-015
March 30, 2009
-- CVE ID:
CVE-2009-1044
-- Affected Vendors:
Mozilla Firefox
ZDI-10-047: Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-047
April 2, 2010
-- CVE ID:
CVE-2010-0164
-- Affected Vendors:
Mozilla Firefox
ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-133
July 20, 2010
-- CVE ID:
CVE-2010-2752
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-134
July 20, 2010
-- CVE ID:
CVE-2010-1208
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
===========================================================
Ubuntu Security Notice USN-957-2 July 26, 2010
firefox, firefox-3.0, xulrunner-1.9.2 vulnerability
CVE-2010-2755
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 10.04 LTS
ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-172
September 13, 2010
-- CVE ID:
CVE-2010-3168
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-176
September 13, 2010
-- CVE ID:
CVE-2010-2766
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
PUBLIC
=========================================================================
ACROS Security Problem Report #2011-08-18-1
-------------------------------------------------------------------------
ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox
=========================================================================
Document ID: ASPR #2011-08-18-1-PUB
Vendor: Mozilla (http://www.mozilla.org)
Target: Mozilla Firefox
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.
Background
==========
ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-019
February 19, 2010
-- CVE ID:
CVE-2009-3988
-- Affected Vendors:
Mozilla Firefox
ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-046
April 2, 2010
-- CVE ID:
CVE-2010-0160
-- Affected Vendors:
Mozilla Firefox
ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-049
April 2, 2010
-- CVE ID:
CVE-2010-0177
-- Affected Vendors:
Mozilla Firefox
ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-130
July 20, 2010
-- CVE ID:
CVE-2010-1209
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-131
July 20, 2010
-- CVE ID:
CVE-2010-2753
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-132
July 20, 2010
-- CVE ID:
CVE-2010-1214
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
===========================================================
Ubuntu Security Notice USN-957-1 July 23, 2010
firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207,
CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211,
CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215,
CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
===========================================================
A security issue affects the following Ubuntu releases:
ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-171
September 13, 2010
-- CVE ID:
CVE-2010-3167
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-173
September 13, 2010
-- CVE ID:
CVE-2010-2760
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
Problem Description:
Security issues were identified and fixed in mozilla-thunderbird:
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird
before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do
not properly validate downloadable fonts before use within an operating
system's font implementation, which allows remote attackers to execute
arbitrary code via vectors related to @font-face Cascading Style Sheets
(CSS) rules (CVE-2010-3768).
<<Previous Next>>
|
