layout engine
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-3070
Jesse Ruderman discovered crashes in the layout engine, which
might allow the execution of arbitrary code.
CVE-2009-3071
Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered
(MFSA 2008-34)
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code. (MFSA 2008-21)
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
CVE-2009-3380
Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel
Banchero, David Keeler and Boris Zbarsky reported crashes in
layout engine, which might allow the execution of arbitrary code.
CVE-2009-3382
Carsten Book reported a crash in the layout engine, which might
allow the execution of arbitrary code.
CVE-2007-3734
Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.
CVE-2007-3735
Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
CVE-2010-1200
Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben
Turner, Jonathan Kew and David Humphrey discovered crashes in the
layout engine, which might allow the execution of arbitrary code.
CVE-2010-1201
"boardraider" and "stedenon" discovered crashes in the layout engine,
which might allow the execution of arbitrary code.
Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege
escalation vulnerability in XSLT handling. (MFSA 2008-41)
CVE-2008-4061
Jesse Ruderman discovered a crash in the layout engine, which might
allow the execution of arbitrary code. (MFSA 2008-42)
CVE-2008-4062
Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
internationalised domain names could be used for phishing attacks.
CVE-2009-1302
Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
and Gary Kwong reported crashes in the layout engine, which might
allow the execution of arbitrary code.
CVE-2009-1303
Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman
the following problems:
CVE-2009-0771
Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes
in the layout engine, which might allow the execution of arbitrary
code.
CVE-2009-0772
Jesse Ruderman discovered crashes in the layout engine, which
Takehiro Takahashi discovered that the NTLM implementation is vulnerable
to reflection attacks.
CVE-2009-3981:
Jesse Ruderman discovered a crash in the layout engine, which might allow
the execution of arbitrary code.
CVE-2009-3979:
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-5500
Jesse Ruderman discovered that the layout engine is vulnerable to
DoS attacks that might trigger memory corruption and an integer
overflow. (MFSA 2008-60)
CVE-2008-5503
* Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the
JavaScript engine, possibly triggering memory corruption
(CVE-2008-2799).
* Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes
in the layout engine, possibly triggering memory corruption
(CVE-2008-2798).
* moz_bug_r_a4 reported that XUL documents that include a script from
a chrome: URI that points to a fastload file would be executed with
the privileges specified in the file (CVE-2008-2802).
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the following problems:
CVE-2010-0174
Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout
engine, which might allow the execution of arbitrary code.
CVE-2010-0175
It was discovered that incorrect memory handling in the XUL event
handler might allow the execution of arbitrary code.
Original URL:
http://securityreason.com/achievement_securityalert/76
--- 0. Description ---
Camino (from the Spanish word camino meaning "way", "path" or "road") is a free, open source, GUI-based Web browser based on Mozilla's Gecko layout engine and specifically designed for the Mac OS X operating system. In place of an XUL-based user interface used by most Mozilla-based applications, Camino uses Mac-native Cocoa APIs, although it does not use native text boxes.
--- 1. Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. Camino has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.
and it is the same as SREASONRES:20090625.
1) Introduction
===============
Pegasus Mail (PMail) is suitable for single or multiple users on stand-alone computers and for internal and Internet mail on local area networks. Pegasus Mail has minimal system requirements compared with competing products, for instance the installed program (excluding mailboxes) for version 4.51 requires only around 13.5 MB of hard drive space. Since Pegasus Mail does not make changes to the Windows registry or the system directory, it is suitable as a portable application for USB drives. Language packs are available for languages other than English.
Some commentators have described Pegasus Mail as convoluted and cumbersome to configure, whereas others value Pegasus Mail for the features it offers. A key feature of Pegasus Mail is that it does not use the HTML layout engine that is installed with every Microsoft operating system since 1997: The ubiquity of the Microsoft engine, which is used not only by all Microsoft products but by numerous 3rd party products as well, makes it a frequent target of malware such as Melissa and ILOVEYOU. Mail clients such as Pegasus Mail that have their own HTML rendering engine are inherently immune to these security exploits. Pegasus Mail will also not execute automation commands (for example ActiveX or JavaScript) embedded in an e-mail, further reducing the chances of a security breach.
(from Wikipedia website)
#####################################################################################
CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
scripting and the execution of arbitrary code.
CVE-2008-1236
Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
Palmgren discovered crashes in the layout engine, which might
allow the execution of arbitrary code.
CVE-2008-1237
"georgi", "tgirmann" and Igor Bukanov discovered crashes in the
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
bypassed through window.dialogArguments.
CVE-2010-0159
Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn
Wargers and Paul Nickerson reported crashes in layout engine,
which might allow the execution of arbitrary code.
CVE-2010-0160
Orlando Barrera II discovered that incorrect memory handling in the
CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0412
Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.
CVE-2008-0413
Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
CVE-2007-5339
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Exposures project identifies the following problems:
CVE-2008-0412
Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.
CVE-2008-0413
Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",
I. BACKGROUND
---------------------
"Google Chrome is a web browser developed by Google that uses the WebKit
layout engine. As of August 2011, Chrome is the third most widely used
browser with 23.16% worldwide usage share of web browsers" (Wikipedia)
II. DESCRIPTION
---------------------
CVE-2010-1211
Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary
Kwong, Tobias Markus and Daniel Holbert discovered crashes in the
layout engine, which might allow the execution of arbitrary code.
CVE-2010-1214
"JS3" discovered an integer overflow in the plugin code, which
could lead to the execution of arbitrary code.
site scripting filters (CVE-2010-2768)
- Incorrect copy and paste handling could lead to cross site scripting
(CVE-2010-2769)
- Crashes in the layout engine may lead to the execution of arbitrary
code (CVE-2010-3169)
For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-4.
site scripting filters (CVE-2010-2768)
- Incorrect copy and paste handling could lead to cross site scripting
(CVE-2010-2769)
- Crashes in the layout engine may lead to the execution of arbitrary
code (CVE-2010-3169)
For the stable distribution (lenny), the problem has been fixed in
version 1.9.0.19-5. The packages for the mips architecture are not
calls could lead to attackers forcing acceptance of a confirmation
dialogue.
CVE-2011-0053
Crashes in the layout engine may lead to the execution of arbitrary
code.
CVE-2011-0054
Christian Holler discovered buffer overflows in the Javascript engine,
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0412
Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul
Nickerson discovered crashes in the layout engine, which might allow
the execution of arbitrary code.
CVE-2008-0413
Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",