Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite.
5f3741463ecc48ccf8ae4ebfd405196b887e872bd1b70b5a03ec77dabc5422bcGentoo Linux Security Advisory GLSA 200808-03 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.16 are affected.
f7ccc3b43cd5bbe95a3c5751dd9add265fff6b82e81dacde4ef97e2cc742415fUbuntu Security Notice 626-2 - USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
208d9fa4ec91bae0914c869ff66a50adc922a82314b1dfa26695559e72d2bd49Ubuntu Security Notice 626-1 - Multiple vulnerabilities in Firefox and xulrunner were addressed related to denial of service and splitting issues.
9d634e80f76191cdd15b2b4e0a11ca3c4cb89114f8cae5e64178d060845cffcfDebian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
1293a230aec19d4794ad667b0743ae3a6d411870c09bf514b6c912b80f087494Debian Security Advisory 1614-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
59ff1e0473a5b291feb220328e663ac8016843d8bd53f10e2bf2127d720e8f71Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16. This update provides the latest Firefox to correct these issues.
76eba6f73b6e7d2a8516126a241390c9d29ff38bdb15204ca28713e69a032f18Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
742712b79adb44ac6f189292da21ee47a7e298cb82d206626f47d0691011053a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed