Debian Security Advisory 1336-1 - Several remote vulnerabilities have been discovered in Mozilla Firefox. These vulnerabilities range from cross site scripting to integer overflows.
828c6bc19547b45ddb365966e2c17d0aGentoo Linux Security Advisory GLSA 200703-22 - iDefense has reported two potential buffer overflow vulnerabilities found by researcher regenrecht in the code implementing the SSLv2 protocol. Versions less than 3.11.5 are affected.
942dca52b7305221aa8d354bc1ea527dGentoo Linux Security Advisory GLSA 200703-18 - Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engine potentially leading to memory corruption. Additionally, the binary version of Mozilla Thunderbird includes a vulnerable NSS library which contains two possible buffer overflows involving the SSLv2 protocol. Versions less than 1.5.0.10 are affected.
6811970b6b513a48aed797c279fe2975Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.10.
f66f70525f954d3363c647ccfc2ac4c6Ubuntu Security Notice 431-1 - The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate. A malicious SSL web site using SSLv2 could potentially exploit this to execute arbitrary code with the user's privileges. The SSLv2 protocol support in the NSS library did not sufficiently verify the validity of client master keys presented in an SSL client certificate. A remote attacker could exploit this to execute arbitrary code in a server application that uses the NSS library. Various flaws have been reported that could allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page.
fca21518a8373a321d2bb42012f82a91Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.
272b47bdd64a3e3aed526ce2a414c45eMandriva Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.
15b10f6ffa7af181925ec1386a74cb9cUbuntu Security Notice 428-1 - Firefox has been patched to fix a slew of miscellaneous vulnerabilities including cross site scripting and SSL flaws.
3300c941a12a3ac1f996e8b22c1dc121iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which causes an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
8c91b8eddd1ccac797ef1086095470ef
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed