Debian Security Advisory 1336-1 - Several remote vulnerabilities have been discovered in Mozilla Firefox. These vulnerabilities range from cross site scripting to integer overflows.
a98c39a362439e5b88e741c42cab3df3a56653b20b92b9b497c954513ffad1b0Gentoo Linux Security Advisory GLSA 200703-22 - iDefense has reported two potential buffer overflow vulnerabilities found by researcher regenrecht in the code implementing the SSLv2 protocol. Versions less than 3.11.5 are affected.
72a04b8fd36b196d5d79f64d9f94bfdc9b93cdc6b9aa31fbee63aed8a7fc945eGentoo Linux Security Advisory GLSA 200703-18 - Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engine potentially leading to memory corruption. Additionally, the binary version of Mozilla Thunderbird includes a vulnerable NSS library which contains two possible buffer overflows involving the SSLv2 protocol. Versions less than 1.5.0.10 are affected.
a563f9b94b8699de557578b04754c0b16dacda38c320528899e82e8a1a07d59aMandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.10.
f7a8d5e7041622e079eded1e0ed0bf7bac944422c455a68faf68affd720450fdUbuntu Security Notice 431-1 - The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate. A malicious SSL web site using SSLv2 could potentially exploit this to execute arbitrary code with the user's privileges. The SSLv2 protocol support in the NSS library did not sufficiently verify the validity of client master keys presented in an SSL client certificate. A remote attacker could exploit this to execute arbitrary code in a server application that uses the NSS library. Various flaws have been reported that could allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page.
9c436bfadf20ae8862df74281d0622c386dda1ba146f6515d38db17a038d22e3Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.
a6c727c9c55b7a3d9a6b157a2ab03de066cd8481902e55ee8a61cf7b1109a114Mandriva Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.
34faf69d53de56d5a38c7ca739e1ce69186e39d4823b154794ad09079dc48938Ubuntu Security Notice 428-1 - Firefox has been patched to fix a slew of miscellaneous vulnerabilities including cross site scripting and SSL flaws.
624e75c29f4a125c67b1be7fc1f599a665731a75def9a05badf4fc8845961c58iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which causes an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
dc4ab453dda77e026844208264a462cb957ca2492ea8e8a46e862bdaf9c7328f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed