rendering engine
investigation, the vendor determined that the proof-of-concept provided
by Core was actually exploiting a different bug than the one originally
reported and therefore it should be considered a separate security
issue. The URLMON sniffing vulnerability refers to the variant
discovered in the CORE-2008-0826 time line. When loading a local file
Internet Explorer's HTML rendering engine [7] will only check its MIME
type to see if it is a positive match on the files it can handle. For
unknown types that are treated as HTML because they've been referred to
by a redirection, content type determination will default to 'text/html'
in absence of a type explicitly set by the content source. In the case
of non-html files for which there isn't an explicit content-type set,
presses the ENTER key.
CVE-2011-2995
Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes
in the rendering engine, which could lead to the execution of
arbitrary code.
CVE-2011-2998
Mark Kaplan discovered an integer underflow in the javascript
Security issues were identified and fixed in firefox:
Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
strip out these specific characters (CVE-2010-3770).
Google security researcher Michal Zalewski reported that when a
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3702 CVE-2010-3704
Joel Voss of Leviathan Security Group discovered two vulnerabilities
in xpdf rendering engine, which may lead to the execution of arbitrary
code if a malformed PDF file is opened.
For the stable distribution (lenny), these problems have been fixed in
version 3.02-1.4+lenny3.
Babylon is a single-click computer online dictionary and translation
software which is also capable of translating whole documents and web
pages. The translation and dictionary results are presented to the user
via the Trident layout engine (an in-app/embedded Internet-Explorer
rendering engine).
Vulnerability
=============
Babylon fails to sanitize user input before rendering it on the Trident
control,
QtWeb Browser is a lightweight, secure and portable browser having
unique user interface and privacy features that fills the gaps in most
of players on browsers market (http://www.qtweb.net/about.php).
It's an open source project based on Nokia's Qt framework and Apple's
WebKit rendering engine used in Apple Safari and Google Chrome.
3. VULNERABILITY DESCRIPTION
Problem Description:
A vulnerability has been discovered and corrected in freetype2:
Multiple stack overflow flaws have been reported in the way FreeType
font rendering engine processed certain CFF opcodes. An attacker
could use these flaws to create a specially-crafted font file that,
when opened, would cause an application linked against libfreetype
to crash, or, possibly execute arbitrary code (CVE-2010-1797).
Packages for 2008.0 and 2009.0 are provided as of the Extended
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
http://www.zerodayinitiative.com/advisories/ZDI-08-049
August 12, 2008
-- CVE ID:
CVE-2008-3021
-- Affected Vendors:
Microsoft
Camino 1.5.2 Release Notes document is available at
http://caminobrowser.org/releases/1.5.2/
"Camino 1.5.2 contains the following improvements over version 1.5.1:
* Upgraded to version 1.8.1.8 of the Mozilla Gecko rendering engine, which includes several critical security and stability fixes."
Affected products:
Camino versions 0.x and 1.x
Solution:
execution of arbitrary code.
Background
==========
Epiphany is a GNOME webbrowser based on the Mozilla rendering engine
Gecko.
Affected packages
=================
1) Introduction
===============
Pegasus Mail (PMail) is suitable for single or multiple users on stand-alone computers and for internal and Internet mail on local area networks. Pegasus Mail has minimal system requirements compared with competing products, for instance the installed program (excluding mailboxes) for version 4.51 requires only around 13.5 MB of hard drive space. Since Pegasus Mail does not make changes to the Windows registry or the system directory, it is suitable as a portable application for USB drives. Language packs are available for languages other than English.
Some commentators have described Pegasus Mail as convoluted and cumbersome to configure, whereas others value Pegasus Mail for the features it offers. A key feature of Pegasus Mail is that it does not use the HTML layout engine that is installed with every Microsoft operating system since 1997: The ubiquity of the Microsoft engine, which is used not only by all Microsoft products but by numerous 3rd party products as well, makes it a frequent target of malware such as Melissa and ILOVEYOU. Mail clients such as Pegasus Mail that have their own HTML rendering engine are inherently immune to these security exploits. Pegasus Mail will also not execute automation commands (for example ActiveX or JavaScript) embedded in an e-mail, further reducing the chances of a security breach.
(from Wikipedia website)
#####################################################################################
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3311
Marc Schoenefeld has found an input stream position error in the
way the FreeType font rendering engine processed input file streams.
If a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code.
Problem Description:
A vulnerability was discovered and corrected in freetype2:
Marc Schoenefeld found an input stream position error in the way
FreeType font rendering engine processed input file streams. If
a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code (integer
overflow leading to heap-based buffer overflow in the libXft library)
It appears that Camino Project has released new security update version 1.5.1 recently.
Reference:
Camino 1.5.1 Release Notes
http://www.caminobrowser.org/releases/1.5.1/
"Upgraded to version 1.8.1.6 of the Mozilla Gecko rendering engine, which includes several critical security and stability fixes."
Gecko 1.8.1.6 is the codebase of Mozilla Firefox 2.0.0.6:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
Affected products: