Firefox
> However, I just tested the vulnerability in chrome and the incidents were
> different.
As I said, on my system it's solely a Chrome DoS vulnerability. On my system
with Firefox 3.0.13 (and previous versions, when I tested them before) there
is no such issue, when Firefox was DoSed via Chrome, i.e. Cross-Application
DoS. Taking into account that you have this issue with Firefox 3.5.2, then
it can be a problem with FF 3.5.x versions, which have tight integration with
Chrome's and other software's URI handlers.
Mandriva Linux Security Advisory MDVSA-2009:338
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : December 22, 2009
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2011:041
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : March 3, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2010:210
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : October 22, 2010
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-930-4 July 23, 2010
firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
CVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125,
CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199,
CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203,
CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208,
CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751,
CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
Mandriva Linux Security Advisory MDVSA-2010:125
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : June 24, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Hello Bugtraq!
I want to warn you about a Cross-Site Scripting vulnerability in Mozilla
Firefox, Opera and other browsers. It allows bypassing the protection against
execution of JavaScript code in location-header redirectors (by redirecting
to a javascript: URI).
Recently, on 04.08.2010, I wrote about a vulnerability in Mozilla and Mozilla
Firefox at my site. I made full disclosure because Mozilla completely
ignored a similar vulnerability, which I informed them about in August 2009, like
Mandriva Linux Security Advisory MDVSA-2009:339
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : December 22, 2009
Affected: 2008.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:236
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : September 20, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
==========================================================================
Ubuntu Security Notice USN-1112-1
April 29, 2011
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Mandriva Linux Security Advisory MDVSA-2009:134
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : June 17, 2009
Affected: 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-930-1 June 29, 2010
firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
CVE-2008-5913, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196,
CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203
===========================================================
A security issue affects the following Ubuntu releases:
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
Sent: Tuesday, May 18, 2010 8:38 PM
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
Opera and other browsers
> 16.05.2010 - found vulnerability.
> 17.05.2010 - disclosed at my site.
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
> Sent: Tuesday, May 18, 2010 8:38 PM
> Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
> Opera and other browsers
>
>
>> 16.05.2010 - found vulnerability.
>> 17.05.2010 - disclosed at my site.
Problem Description:
Security issues were identified and fixed in mozilla-thunderbird:
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via
a brute-force attack (CVE-2010-3173).
===========================================================
Ubuntu Security Notice USN-667-1 November 17, 2008
firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013,
CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017,
CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022,
CVE-2008-5023, CVE-2008-5024
===========================================================
A security issue affects the following Ubuntu releases:
Hello Bugtraq!
I want to warn you about a security vulnerability in different browsers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera
and other browsers
-----------------------------
URL: http://websecurity.com.ua/4206/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, because I suspected that it was only happening because Google Chrome was installed, since Firefox isn't able to know what "chromehtml:" is on its own (it has to be associated with an application in this case).
The following would open a lot of windows, most likely consuming all resources:
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html
FireFox version: FireFox 3.5.2 (Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Title: Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
0x01. Description:
Memory exhaustion of Firefox 3.6.3 (latest) <= makes firefox can't make texts into body element and then it crashed.
( raise exception using PoC #1, lower memory area read access violation using PoC #2 )
Of course, a variation PoC made a NULL pointer deref, so it may also be code execution ( 0.1 % ). :-)
URL: http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt
> Hello Bugtraq!
>
> I want to warn you about a security vulnerability in different browsers.
>
> -----------------------------
> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
> Opera
> and other browsers
> -----------------------------
> URL: http://websecurity.com.ua/4206/
> -----------------------------
Hello Thierry!
About your message concerning the crash in Firefox 3.0.6
(http://securityvulns.ru/Vdocument307.html), which has a similar DoS
vulnerability to the Nokia N95-8 browser.
Some time ago I read your message and also checked Firefox 3.0.6 and
confirmed the crash in it. Here is what I can tell you about this hole.
In the beginning of September 2008 I already wrote about such DoS
python-gtkmozembed 2.25.3-3ubuntu1.9.10.1
ubufox 0.9~rc2-0ubuntu0.9.10.1
webfav 1.16-0ubuntu1.9.10.1
yelp 2.28.0-0ubuntu2.9.10.1
After a standard system upgrade you need to restart Firefox and any
applications that use Xulrunner to effect the necessary changes.
Details follow:
USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.
Background
==========
===============================ADVISORY===============================
Name: Autocomplete Data Theft in Mozilla Firefox
Systems Affected: Mozilla Firefox 3.5, Mozilla Firefox 3.0
Severity: Moderate
Category: Data Leakage
Author: Context Information Security Ltd
Advisory: 4 November 2009
CVE: CVE-2009-3370
line termination incorrectly, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted message, related to message indexing
(CVE-2009-0689).
Integer overflow in a base64 decoding function in Mozilla Firefox
before 3.0.12 and Thunderbird allows remote attackers to cause a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unspecified vectors (CVE-2009-2463).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-044
July 17, 2008
-- CVE ID:
CVE-2008-2785
-- Affected Vendors:
Mozilla Firefox
Problem Description:
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird:
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11
and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress
a script's URL in certain circumstances involving a redirect and an
error message, which allows remote attackers to obtain sensitive
information about script parameters via a crafted HTML document,
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera, which belong to the type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers' behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
Date: December 29, 2007
Bugs: #198965, #200909
ID: 200712-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox, SeaMonkey, XULRunner: Multiple
vulnerabilities
Date: November 12, 2007
Bugs: #196480
ID: 200711-14