Gentoo Linux Security Advisory 201312-4 - An integer overflow in libtheora might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.1.1 are affected.
d390899e77f08b8de159b611a17dbfc329311c29ec4bc8175c49e5c6ecf8f076Debian Linux Security Advisory 2045-1 - Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service (crash of the player using this library), and possibly arbitrary code execution.
fa35d975d28eaad266cdb2a8f03dc6bb1b4d40ed95aa95d20e92299281e0d163Mandriva Linux Security Advisory 2010-043 - Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. The updated packages have been patched to correct this issue.
875eca5f9cf314f9aca1502f437c9db9c69e8b91cb31c53973dc02a3822a9159Mandriva Linux Security Advisory 2009-338 - Security issues were identified and fixed in Firefox 3.5.x. These include denial of service, code execution, integer overflows, and more.
9cc7efa925a6bb9208535359b11a52745232675dc023425cf0797df51d561d00Ubuntu Security Notice 874-1 - Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
4ce1761d16df1c6ee9f51786f7a5bcc1315bd2c5e16f07360499c7f71471f4ab
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed