exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2007-2292

Status Candidate

Overview

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Related Files

Gentoo Linux Security Advisory 200711-14
Posted Nov 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to cause a memory corruption. Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers and not properly implementing JavaScript onUnload() handlers may allow the execution of arbitrary Javascript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than 2.0.0.9 are affected.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, gentoo
advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-5334, CVE-2007-5335, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 9406d653f481b768d289697671963843abc5749121b2f6c0fbe1ff5ea8d7b3e1
Debian Linux Security Advisory 1401-1
Posted Nov 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1401-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 9bc7902a3a9d13707c50680a45511ae88d83140ad502a37acbb6b1f0fad70d4a
Debian Linux Security Advisory 1396-1
Posted Oct 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1396-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 8fe44bb7245d98b16367831bc25a2cdbd53ab91d169bf07f76151139fb5dac32
Ubuntu Security Notice 536-1
Posted Oct 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 536-1 - A massive slew of vulnerabilities that relate to mozilla-thunderbird have been patched. It would be wise to upgrade now.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 5d868ca3cbf8195030fcde8ba5b7c3d30109913f90eb6ea9b8d3da2f0f586fd5
Mandriva Linux Security Advisory 2007.202
Posted Oct 23, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.8.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-4841, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 2135e6c07c0d7978822688d56feada1ec50ecedb20b2a667e7732def2eeac94d
Ubuntu Security Notice 535-1
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 535-1 - A large amount of flaws related to Firefox have been fixed under Ubuntu. These include forced upload and javascript insertion vulnerabilities.

tags | advisory, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5335, CVE-2007-5336, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | e937e8ad5d0b409d665ed543ec76877c5a6c7850fb23798031b11ce6ee1da4ed
Debian Linux Security Advisory 1392-1
Posted Oct 23, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1392-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340
SHA-256 | 07283a47e9583c7edb535f3b607f378ec46027553dd159a84808cd043699ff16
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close