Ubuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.
7d623d64d770f510ca059e7b6d7b019b181306370d0337f8cb840cf9be294609
Debian Linux Security Advisory 2297-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
bf80bb2acbfee25ec2d61f3cea47b4dcc44dfe0a8b8e4b570d6578844a6e66ee
Ubuntu Security Notice 1184-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. Various other issues were also addressed.
68d9b382506952648bd218d1ae83ec8905473437b4d223001330b9f822868ae1
Debian Linux Security Advisory 2296-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
a4404b9fb18f9a350bb2b2371d3cac0a81db85327706b6a845580692d565c690
Mandriva Linux Security Advisory 2011-127 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products.
e421d304f51c8cb168d09ef596f40ef0cdd2c492c171c10d2d3e026d7478b0d7
Zero Day Initiative Advisory 11-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser.
7a874826c13077a493651ffcc60cd5531760c54fa0d0eb8ba96279740a07e5bd
Debian Linux Security Advisory 2295-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey.
95219bca0ef6e4dde58235d45a45ea554744df01190f82f59e0dd3dc26f57eaf
Red Hat Security Advisory 2011-1166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
d07229aa2330f70302700aa4bfbf13bacc4cf2d26907cbd137d72e160c3cfdd4
Red Hat Security Advisory 2011-1164-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A dangling pointer flaw was found in the Firefox Scalable Vector Graphics text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
773f2e4dd7737076c22577213e613c524818da6fe7791e5fcf2502dfd46dc22c