Jesse Ruderman
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-3070
Jesse Ruderman discovered crashes in the layout engine, which
might allow the execution of arbitrary code.
CVE-2009-3071
Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered
counter for CSS objects can lead to the execution of arbitrary code.
(MFSA 2008-34)
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code. (MFSA 2008-21)
CVE-2008-2799
an unbranded version of the Thunderbird client. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2007-3734
Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.
CVE-2007-3735
Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling. (MFSA 2008-41)
CVE-2008-4061
Jesse Ruderman discovered a crash in the layout engine, which might
allow the execution of arbitrary code. (MFSA 2008-42)
CVE-2008-4062
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
selection on a web page can be read by JavaScript in a different domain
using the document.getSelection function, violating the same-origin
policy. Since this vulnerability requires user interaction to exploit,
its severity was determined to be moderate (CVE-2009-3375).
Mozilla security researchers Jesse Ruderman and Sid Stamm reported
that when downloading a file containing a right-to-left override
character (RTL) in the filename, the name displayed in the dialog
title bar conflicts with the name of the file shown in the dialog
body. An attacker could use this vulnerability to obfuscate the name
and file extension of a file to be downloaded and opened, potentially
Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling.
CVE-2008-4061
Jesse Ruderman discovered a crash in the layout engine, which might
allow the execution of arbitrary code.
CVE-2008-4062
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
webbrowser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
could be bypassed, which might allow privilege escalation.
CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
could be bypassed, which might allow privilege escalation.
CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
Takehiro Takahashi discovered that the NTLM implementation is vulnerable
to reflection attacks.
CVE-2009-3981:
Jesse Ruderman discovered a crash in the layout engine, which might allow
the execution of arbitrary code.
CVE-2009-3979:
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay
* TippingPoint's Zero Day Initiative reported that an incorrect
integer data type is used as a CSS object reference counter, leading
to a counter overflow and a free() of in-use memory (CVE-2008-2785).
* Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the
JavaScript engine, possibly triggering memory corruption
(CVE-2008-2799).
* Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes
in the layout engine, possibly triggering memory corruption
Gregory Fleischer discovered that the same-origin check in Firefox could be
bypassed by utilizing the document.getSelection function. An attacker could
exploit this to read data from other domains. (CVE-2009-3375)
Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display
filenames containing right-to-left (RTL) override characters. If a user were
tricked into downloading a malicious file with a crafted filename, an attacker
could exploit this to trick the user into opening a different file than the
user expected. (CVE-2009-3376)
Gregory Fleischer discovered that the same-origin check in Firefox could be
bypassed by utilizing the document.getSelection function. An attacker could
exploit this to read data from other domains. (CVE-2009-3375)
Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display
filenames containing right-to-left (RTL) override characters. If a user were
tricked into downloading a malicious file with a crafted filename, an attacker
could exploit this to trick the user into opening a different file than the
user expected. (CVE-2009-3376)
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-3380
Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel
Banchero, David Keeler and Boris Zbarsky reported crashes in the
layout engine, which might allow the execution of arbitrary code.
CVE-2009-3382
could be bypassed, which might allow privilege escalation.
CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
selection on a web page can be read by JavaScript in a different domain
using the document.getSelection function, violating the same-origin
policy. Since this vulnerability requires user interaction to exploit,
its severity was determined to be moderate (CVE-2009-3375).
Mozilla security researchers Jesse Ruderman and Sid Stamm reported
that when downloading a file containing a right-to-left override
character (RTL) in the filename, the name displayed in the dialog
title bar conflicts with the name of the file shown in the dialog
body. An attacker could use this vulnerability to obfuscate the name
and file extension of a file to be downloaded and opened, potentially
browser. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2009-2462
Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake
Kaplan discovered several issues in the browser engine that could
potentially lead to the execution of arbitrary code. (MFSA 2009-34)
CVE-2009-2463
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0771
Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes
in the layout engine, which might allow the execution of arbitrary
code.
CVE-2009-0772
Moxie Marlinspike discovered that Unicode box drawing characters inside of
internationalised domain names could be used for phishing attacks.
CVE-2009-1302
Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
and Gary Kwong reported crashes in the layout engine, which might
allow the execution of arbitrary code.
CVE-2009-1303
After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner to effect the necessary changes.
Details follow:
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and
David James discovered several flaws in the browser and JavaScript engines
of Firefox. If a user were tricked into viewing a malicious website, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)
"regenrecht" discovered that incorrect memory handling in DOM
parsing could lead to the execution of arbitrary code.
CVE-2010-1211
Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary
Kwong, Tobias Markus and Daniel Holbert discovered crashes in the
layout engine, which might allow the execution of arbitrary code.
CVE-2010-1214
Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,
resulting in potential information disclosure.
CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory corruption bugs, which
may lead to the execution of arbitrary code.
CVE-2012-0444
"regenrecht" discovered that missing input sanitising in the Ogg Vorbis
Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling.
CVE-2008-4061
Jesse Ruderman discovered a crash in the layout engine, which might
allow the execution of arbitrary code.
CVE-2008-4062
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
runtime environment for XUL applications. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2008-5500
Jesse Ruderman discovered that the layout engine is vulnerable to
DoS attacks that might trigger memory corruption and an integer
overflow. (MFSA 2008-60)
CVE-2008-5503
Ian Beer discovered a vulnerability in the memory handling of certain
types of documents. An attacker could exploit this to possibly run
arbitrary code as the user running Firefox. (CVE-2011-0070)
Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman
discovered several memory vulnerabilities. An attacker could exploit these
to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080)
Aki Helin discovered multiple vulnerabilities in the HTML rendering code.
An attacker could exploit these to possibly run arbitrary code as the user
unbranded version of Seamonkey:
CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
"Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo,
Mats Palmgren, Jesse Ruderman, Aki Helin and Martin Barbella
discovered memory corruption bugs, which may lead to the execution
of arbitrary code.
CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
Software Description:
- firefox: Safe and easy web browser from Mozilla
Details:
Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek
discovered multiple memory vulnerabilities. An attacker could exploit these
to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079)
It was discovered that there was a vulnerability in the memory handling of
certain types of content. An attacker could exploit this to possibly run
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0412
Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.
CVE-2008-0413