Mozilla Firefox
Mandriva Linux Security Advisory MDVSA-2011:141
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : October 1, 2011
Affected: 2011.
_______________________________________________________________________
Problem Description:
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in mozilla firefox and
thunderbird:
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and
4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0,
and SeaMonkey before 2.7 might allow remote attackers to execute
> However, I just tested the vulnerability in chrome and the incidents were
> different.
As I said on my system it's solely Chrome DoS vulnerability. On my system
with Firefox 3.0.13 (and previous versions, when I tested them before) there
is not such issue, when Firefox was DoSed via Chrome, i.e. Cross-Application
DoS. Taking into account that you have this issue with Firefox 3.5.2, then
it can be problem with FF 3.5.x versions, which have tight integration with
Chrome's and other software's URI handlers.
Mandriva Linux Security Advisory MDVSA-2009:338
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : December 22, 2009
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2011:041
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : March 3, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2010:210
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : October 22, 2010
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-930-4 July 23, 2010
firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
CVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125,
CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199,
CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203,
CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208,
CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751,
CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
Mandriva Linux Security Advisory MDVSA-2010:125
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : June 24, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Hello Bugtraq!
I want to warn you about a Cross-Site Scripting vulnerability in Mozilla
Firefox, Opera and other browsers. It allows bypassing the protection against
executing JavaScript code in Location-header redirectors (by redirecting
to a javascript: URI).
Recently, 04.08.2010, I wrote about vulnerability in Mozilla and Mozilla
Firefox at my site. I made full disclosure because Mozilla completely
ignored similar vulnerability, which I informed them in August 2009, like
Mandriva Linux Security Advisory MDVSA-2011:139
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : October 1, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:339
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : December 22, 2009
Affected: 2008.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:236
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : September 20, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Affected: 2009.0, 2010.1
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in mozilla firefox and
thunderbird:
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
in response to the holding of the Enter key, which allows user-assisted
Mandriva Linux Security Advisory MDVSA-2009:134
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : June 17, 2009
Affected: 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
==========================================================================
Ubuntu Security Notice USN-1112-1
April 29, 2011
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Affected: 2011.
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in mozilla firefox and
thunderbird:
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
in response to the holding of the Enter key, which allows user-assisted
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
> Sent: Tuesday, May 18, 2010 8:38 PM
> Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
> Opera and other browsers
>
>
>> 16.05.2010 - found vulnerability.
>> 17.05.2010 - disclosed at my site.
===========================================================
Ubuntu Security Notice USN-930-1 June 29, 2010
firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
CVE-2008-5913, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196,
CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200,
CVE-2010-1201, CVE-2010-1202, CVE-2010-1203
===========================================================
A security issue affects the following Ubuntu releases:
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
Sent: Tuesday, May 18, 2010 8:38 PM
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
Opera and other browsers
> 16.05.2010 - found vulnerability.
> 17.05.2010 - disclosed at my site.
===========================================================
Ubuntu Security Notice USN-667-1 November 17, 2008
firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013,
CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017,
CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022,
CVE-2008-5023, CVE-2008-5024
===========================================================
A security issue affects the following Ubuntu releases:
Problem Description:
Security issues were identified and fixed in mozilla-thunderbird:
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via
a brute-force attack (CVE-2010-3173).
Title: Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
0x01. Description:
Memory exhaustion in Firefox 3.6.3 (latest) <= means Firefox can't make texts into the body element, and then it crashes.
(raises an exception using PoC #1, lower memory area read access violation using PoC #2)
Of course a variation of the PoC made a NULL pointer dereference, so it may also be code execution (0.1%). :-)
URL: http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, because I suspected that it was only happening because Google Chrome was installed, since Firefox isn't able to know what "chromehtml:" is on its own (it has to be associated with an application in this case).
The following would open a lot of windows, most likely consuming all resources:
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html
Firefox version: Firefox 3.5.2 (Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2)
Hello Bugtraq!
I want to warn you about security vulnerability in different browsers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera
and other browsers
-----------------------------
URL: http://websecurity.com.ua/4206/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
> Hello Bugtraq!
>
> I want to warn you about security vulnerability in different browsers.
>
> -----------------------------
> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
> Opera
> and other browsers
> -----------------------------
> URL: http://websecurity.com.ua/4206/
> -----------------------------
Hello Thierry!
About your message concerning crash in Firefox 3.0.6
(http://securityvulns.ru/Vdocument307.html). Which has similar DoS
vulnerability as Nokia N95-8 browser.
Some time ago I read your message and also checked Firefox 3.0.6 and
confirmed the crash in it. What I can tell you about this hole.
In the beginning of September 2008 I already wrote about such DoS
python-gtkmozembed 2.25.3-3ubuntu1.9.10.1
ubufox 0.9~rc2-0ubuntu0.9.10.1
webfav 1.16-0ubuntu1.9.10.1
yelp 2.28.0-0ubuntu2.9.10.1
After a standard system upgrade you need to restart Firefox and any
applications that use Xulrunner to effect the necessary changes.
Details follow:
USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.
Background
==========
===============================ADVISORY===============================
Name: Autocomplete Data Theft in Mozilla Firefox
Systems Affected: Mozilla Firefox 3.5, Mozilla Firefox 3.0
Severity: Moderate
Category: Data Leakage
Author: Context Information Security Ltd
Advisory: 4 November 2009
CVE: CVE-2009-3370
line termination incorrectly, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted message, related to message indexing
(CVE-2009-0689).
Integer overflow in a base64 decoding function in Mozilla Firefox
before 3.0.12 and Thunderbird allows remote attackers to cause a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unspecified vectors (CVE-2009-2463).
Multiple unspecified vulnerabilities in the browser engine in Mozilla