Red Hat Security Advisory 2011-0888-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled malformed JPEG images. A website containing a malicious JPEG image could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Multiple dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Various other issues were also addressed.
cf245aeab870061e8a04bb658d1aeb2eb9c68ca491892c4694343a4d3a10f713Red Hat Security Advisory 2011-0887-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Various other issues were also addressed.
9b19bbc8ce01c3252aefbef54859840c0b7f03a9f2dfeb6997df0e8f492f7c69Red Hat Security Advisory 2011-0886-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Various other issues were also addressed.
2f08736e99b36ce03da9395cd8ab87d3d207f194e7beb67d720c533ec1ea2b75Red Hat Security Advisory 2011-0885-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Various other issues were also addressed.
dc41b785f8118ecc6aabf2b2e57dd5dc4c56abcf1d3b4c786817c2ed955e7911Zero Day Initiative Advisory 11-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nsXULCommandDispatcher.cpp source code. During a NS_XUL_COMMAND_UPDATE event dispatch, the user is able to force command dispatcher to remove all the updaters in the mUpdaters chain including the one that is currently in use. As a result, the local variable updater becomes a stale pointer and updater->mNext refers to memory previously freed. Successful exploitation can lead to code execution in the context of the browser.
7863f617a6f44ef8bf90e7543ea93c2246ad911302f2326be55b6031f03e0ecbZero Day Initiative Advisory 11-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG polygon objects. The code within nsSVGPointList::AppendElement() does not account for user defined getter methods modifying or destroying the parent object during a repaint. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.
a82536d4f4f1ff9da734433f61f9747354275bf65dee5fc17e6eb93f275febceZero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
82ac5b76e47dd9bb4e8d57a655fd2f96f4bc256c8bf573a722d82424bbebb367Ubuntu Security Notice 1156-1 - It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
ba1826fb855135b0d2f8008bbddbf61f5e8cfb8c9332cbf066bc74d8ac8342dbUbuntu Security Notice 1155-1 - It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.
20e18a4b4c5d1ca6912f57f2ba40b62da3ca3152aff5b4b0849321690eed0f1cSlackware Security Advisory - fetchmail packages have been updated to fix a denial of service vulnerability in the STARTTLS protocol phases.
e105c721442a8baa6254dc4effec15470371d9e6558d8ceb8b547b3371e8cddbSecunia Security Advisory - A vulnerability has been reported in DokuWiki, which can be exploited by malicious people to conduct script insertion attacks.
5733f827338e5a871d62236abcad8971d21401c0b59d85a0e08791ba23ca5892Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
4c6d20bb726c60059291294fad494a7b4b1b2dd786dbad56275350b4d15baeccSecunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Sitemagic CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
74d561568cb2fb3f8ede37a1074b6bbfe3c49571f9cdc945b10c6729b4dfc55aSecunia Security Advisory - A vulnerability has been reported in Piwik, which can be exploited by malicious people to compromise a vulnerable system.
8c5c090209e382290931fe64848e6ea1e831a977609c3f78d637c42146bfc97fSecunia Security Advisory - Secunia Research has discovered a security issue in NNT Change Tracker and Remote Angel, which can be exploited by malicious, local users to gain escalated privileges.
015a7fb682705d0816da847b19abc46ac8a6233e948b42e2d1dbcb6642f06c86Secunia Security Advisory - Some vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.
6134712f18921b5bf3174918b3f19926a1d6407e7c497d560e317397c6539153Secunia Security Advisory - Debian has issued an update for perl. This fixes a weakness, which can be exploited by malicious people to bypass certain security features.
2a3ade82df916b2d08adfbcdba55d7bf636de2d01346d73d4e6d0868c7cff924Secunia Security Advisory - Some vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and bypass certain security restrictions.
80c7e3a3f0b82036f7b2979ed11098e0914d2b3e2a2bb83a573076fe473d18acSecunia Security Advisory - Some vulnerabilities have been reported in IBM Rational Team Concert, which can be exploited by malicious people to conduct cross-site scripting attacks.
1249fa369b6620a5bd4971a5eeb37f2d980e5dd90f41c1a7d6effd5dd224725eSecunia Security Advisory - A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
e96a32c8c5cc2d16bd5db93572a9bbe776aa9bdf55b29408c960c3b5742b6e1fSecunia Security Advisory - Two vulnerabilities have been reported in CIDWeb, which can be exploited by malicious people to conduct cross-site scripting attacks.
e97f99fa07e6af15b404337adc71be51aa80d44bff10a2c7f5ad2f43fb1f5036Secunia Security Advisory - Debian has issued an update for linux-2.6. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to conduct DNS cache poisoning attacks, disclose system information, disclose potentially sensitive information, bypass certain security restrictions, potentially gain escalated privileges, or cause a DoS (Denial of Service), by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
a276a16c56ea538732673ea87d2f816f2bd1297411a8ac333b8bf5a8b1e61599Secunia Security Advisory - A vulnerability has been reported in WeblyGo, which can be exploited by malicious people to conduct cross-site scripting attacks.
daaccc77cfb93a15de0a71bdd19dfb6332e9e33232c09350d8284ca91872ac29Secunia Security Advisory - A weakness has been reported in Wing FTP Server, which can be exploited by malicious users to bypass certain security restrictions.
b656688fe3490ea8805910739cc5d67ab5bd2e2f659c03924be4db2f7edc3f51Secunia Security Advisory - A weakness has been reported in Blue Coat ProxySG, which can be exploited by malicious, local users to disclose sensitive information.
0fc47b6f37c8cc3dc241557a451acb2af8d19f702f8f0314068fe18b41b4d356
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed