SeaMonkey

SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)

[ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

[ MDVSA-2011:141 ] firefox

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
 in response to the holding of the Enter key, which allows user-assisted
 remote attackers to bypass intended access restrictions via a crafted
 web site (CVE-2011-2372).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla

[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.

Background
==========


[ MDVSA-2012:013 ] mozilla

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and
 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0,
 and SeaMonkey before 2.7 might allow remote attackers to execute
 arbitrary code via vectors related to incorrect AttributeChildRemoved
 notifications that affect access to removed nsDOMAttribute child nodes
 (CVE-2011-3659).
 
 Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before

[ MDVSA-2009:338 ] firefox

 Problem Description:

 Security issues were identified and fixed in firefox 3.5.x:
 
 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before
 2.0.1 might allow context-dependent attackers to cause a denial of
 service (application crash) or execute arbitrary code via unspecified
 vectors, related to memory safety issues. (CVE-2009-3388)
 
 Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used

[ MDVSA-2011:041 ] firefox

 _______________________________________________________________________

 Problem Description:

 Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox
 before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12,
 allows remote attackers to hijack the authentication of arbitrary
 users for requests that were initiated by a plugin and received a
 307 redirect to a page on a different web site. (CVE-2011-0059)
 
 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird

[ MDVSA-2010:210 ] firefox

 Problem Description:

 Security issues were identified and fixed in firefox:
 
 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
 before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
 recognize a wildcard IP address in the subject's Common Name field of
 an X.509 certificate, which might allow man-in-the-middle attackers
 to spoof arbitrary SSL servers via a crafted certificate issued by
 a legitimate Certification Authority (CVE-2010-3170).
 

[ MDVSA-2009:339 ] firefox

 Problem Description:

 Security issues were identified and fixed in firefox 3.0.x:
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1,
 and Thunderbird allow remote attackers to cause a denial of service
 (memory corruption and application crash) or possibly execute arbitrary
 code via unknown vectors (CVE-2009-3979).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla

[ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.

Background
==========


[ MDVSA-2011:142 ] mozilla-thunderbird

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
 in response to the holding of the Enter key, which allows user-assisted
 remote attackers to bypass intended access restrictions via a crafted
 web site (CVE-2011-2372).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla

[ MDVSA-2010:211 ] mozilla-thunderbird

 Security issues were identified and fixed in mozilla-thunderbird:
 
 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
 before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
 SeaMonkey before 2.0.9 does not properly set the minimum key length
 for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
 remote attackers to defeat cryptographic protection mechanisms via
 a brute-force attack (CVE-2010-3173).
 
 Unspecified vulnerability in the browser engine in Mozilla Firefox

[ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
      Date: December 29, 2007
      Bugs: #198965, #200909
        ID: 200712-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ MDVSA-2010:125 ] firefox

 frame, instead of the intended form field in a visible frame, via
 certain calls to the focus method (CVE-2010-1125).
 
 Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
 in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
 Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
 attackers to execute arbitrary code via a DOM node with a long text
 value that triggers a heap-based buffer overflow (CVE-2010-1196).
 
 Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and
 SeaMonkey before 2.0.5, does not properly handle situations in which

[ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Mozilla Firefox, SeaMonkey, XULRunner: Multiple
            vulnerabilities
      Date: November 12, 2007
      Bugs: #196480
        ID: 200711-14


[ MDVSA-2010:169 ] mozilla-thunderbird

 Multiple vulnerabilities have been found and corrected in
 mozilla-thunderbird:
 
 dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11
 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x
 before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress
 a script's URL in certain circumstances involving a redirect and an
 error message, which allows remote attackers to obtain sensitive
 information about script parameters via a crafted HTML document,
 related to the window.onerror handler (CVE-2010-2754).
 

[ MDVSA-2011:140 ] mozilla-thunderbird

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
 in response to the holding of the Enter key, which allows user-assisted
 remote attackers to bypass intended access restrictions via a crafted
 web site (CVE-2011-2372).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla

[ MDVSA-2011:139 ] firefox

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
 in response to the holding of the Enter key, which allows user-assisted
 remote attackers to bypass intended access restrictions via a crafted
 web site (CVE-2011-2372).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla

[ GLSA 200708-09 ] Mozilla products: Multiple vulnerabilities

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted arbitrary remote code execution.

Background
==========


[ MDVSA-2011:192 ] mozilla

 Security issues were identified and fixed in mozilla firefox and
 thunderbird:
 
 The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and
 SeaMonkey 2.5 does not properly interact with DOMAttrModified event
 handlers, which allows remote attackers to cause a denial of service
 (out-of-bounds memory access) or possibly have unspecified other
 impact via vectors involving removal of SVG elements (CVE-2011-3658).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla

[ MDVSA-2010:258 ] mozilla-thunderbird

 Problem Description:

 Security issues were identified and fixed in mozilla-thunderbird:
 
 Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird
 before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do
 not properly validate downloadable fonts before use within an operating
 system's font implementation, which allows remote attackers to execute
 arbitrary code via vectors related to @font-face Cascading Style Sheets
 (CSS) rules (CVE-2010-3768).
 

[ MDVSA-2010:071 ] mozilla-thunderbird

 Problem Description:

 Multiple vulnerabilities have been found and corrected in
 mozilla-thunderbird:
 
 Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19
 process e-mail attachments with a parser that performs casts and
 line termination incorrectly, which allows remote attackers to
 cause a denial of service (application crash) or possibly execute
 arbitrary code via a crafted message, related to message indexing
 (CVE-2009-0689).

[ MDVSA-2010:126 ] mozilla-thunderbird

 corruption, as demonstrated by Nils during a Pwn2Own competition at
 CanSecWest 2010 (CVE-2010-1121).
 
 Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
 in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
 Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
 attackers to execute arbitrary code via a DOM node with a long text
 value that triggers a heap-based buffer overflow (CVE-2010-1196).
 
 Integer overflow in the XSLT node sorting implementation in Mozilla
 Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before

[ MDVSA-2011:042 ] mozilla-thunderbird

 Security issues were identified and fixed in mozilla-thunderbird:
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before
 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause
 a denial of service (memory corruption and application crash) or
 possibly execute arbitrary code via unknown vectors (CVE-2011-0053).
 
 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
 before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

>>> redirect to mailto: URL opens email editor). This allows opening the email
>>> client on the user's computer via a redirector which redirects to a mailto:
>>> URL.
>>> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
>>> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>>>
>>> After I recently read this advisory, I decided to check different
>>> browsers.
>>> And as I checked on 16.05.2010, to this vulnerability are vulnerable web

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

>> src
>> redirect to mailto: URL opens email editor). This allows opening the email
>> client on the user's computer via a redirector which redirects to a mailto:
>> URL.
>> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
>> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>>
>> After I recently read this advisory, I decided to check different
>> browsers.
>> And as I checked on 16.05.2010, the web browsers Firefox 3.0.19 and
>> Opera 9.52 are vulnerable to this vulnerability. And I created an exploit for

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

> (Image src
> redirect to mailto: URL opens email editor). This allows opening the email
> client on the user's computer via a redirector which redirects to a mailto:
> URL.
> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>
> After I recently read this advisory, I decided to check different
> browsers.
> And as I checked on 16.05.2010, the web browsers Firefox 3.0.19 and
> Opera 9.52 are vulnerable to this vulnerability. And I created an exploit for

DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

Security Advisory 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image src
redirect to mailto: URL opens email editor). This allows opening the email
client on the user's computer via a redirector which redirects to a mailto: URL.
But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
SeaMonkey 2.0.4, but not in Firefox 3.0.x.

After I recently read this advisory, I decided to check different browsers.
And as I checked on 16.05.2010, the web browsers Firefox 3.0.19 and Opera 9.52
are vulnerable to this vulnerability. And I created an exploit for conducting
a DoS attack on Firefox.

Re: Nokia N95-8 browser denial of service

they haven't even answered me yet about it. For example, when I informed
Google about the Charset Inheritance vulnerability in Google Chrome
(http://websecurity.com.ua/2844/), they quickly answered me that they
decided not to fix it (but still did not ignore the letter like Mozilla).

In September 2009 a DoS vulnerability in SeaMonkey was found
(http://websecurity.com.ua/2820/), which uses the same attack (on the
marquee vulnerability which was ignored by Mozilla). But unlike FF,
SeaMonkey crashes - this is already another type of DoS vulnerability in
browsers (http://websecurity.com.ua/2550/). And in February you found that
the last version of Firefox also crashes.

Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)

The Flock browser is available as a free download, and supports Microsoft Windows, Mac OS X, and Linux platforms.


--- 1. Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. Flock has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.,
and it is the same issue as SREASONRES:20090625.

http://securityreason.com/achievement_securityalert/63

But the fix for SREASONRES:20090625 used by OpenBSD was not good.

Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon

Hello Bugtraq!

I want to warn you about a Cross-Site Scripting vulnerability in Mozilla,
Firefox, SeaMonkey, Orca Browser and Maxthon.

As I wrote about this vulnerability at my site
(http://websecurity.com.ua/3373/) on 30.07.2009, I found a vulnerability in
Mozilla and Firefox 3.0.12 (and later checked in 3.0.13), which allows
bypassing the protection against execution of JavaScript code in location-header
redirectors (by redirecting to a javascript: URI).
