Debian Linux Security Advisory 3092-1 - Multiple security issues have been found in Icedove, Debian's version of errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
60eeb4de66b7fe2e983fc257ad2a3b7695d590ac40919d44f1f85ddc2eeb8dd4
Debian Linux Security Advisory 3090-1 - Multiple security issues have been found in Iceweasel, Debian's version overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
3f2e6244a591365ffae33709bcbb25d419ac8896a0f7bb28979a2bba6c2e346f
Red Hat Security Advisory 2014-1919-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.
a4768a1ed845770137dfda480d18e5ff8ef4d9979506ee4ea4a8006dca8278db
Red Hat Security Advisory 2014-1924-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.
83e959c70c565dccbc7e1ea95e005cc6482fec9b63d8bf67ef80c4d0bf4b9a88
Ubuntu Security Notice 2428-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service. Various other issues were also addressed.
8505b81ac20cdc1ef60b089c97a91e3adac72def4c07e9d2c1aa4dbc2d3d9299
Ubuntu Security Notice 2424-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Cody Crews discovered a way to trigger chrome-level XBL bindings from web content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.
bd64f6deeda37a74febafdf00c9dfcb38d1e411fb9b1ca87dc69dce474b713c5