allows remote attackers to execute arbitrary code.
CVE-2009-1687
The JavaScript garbage collector in WebKit, as used in qt4-x11 does not
properly handle allocation failures, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document that triggers write
access to an "offset of a NULL pointer.
context-dependent attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a large precision
value in the format argument to a printf function, related to an
array overrun. (CVE-2009-0689)
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
users can cause a denial of service (Oops) due to incorrect assumptions
about thread group leader behavior.
CVE-2010-4249
Vegard Nossum reported an issue with the UNIX socket garbage collector.
Local users can consume all of LOWMEM and decrease system performance by
overloading the system with inflight sockets.
CVE-2010-4258
Name field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2702).
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
SVG images. If a user were tricked into opening a specially crafted SVG
image, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 9.04. (CVE-2009-0945)
It was discovered that the KDE JavaScript garbage collector did not
properly handle memory allocation failures. If a user were tricked into
viewing a malicious website, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-1687)
which triggers memory corruption.
CVE-2009-1687
The JavaScript garbage collector in WebKit does not properly handle allocation
failures, which allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a crafted HTML
document that triggers write access to an "offset of a NULL pointer."
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Description:
A flaw has been found in previous versions of firefox's JavaScript garbage
collector. This issue is known to cause a Denial-of-Service via
maliciously-crafted web pages, and is suspected of allowing arbitrary code
execution on the target machine by an attacker.
Note: this update is only available on the Foresight Linux 2 branch.
