Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.
154fedd699ba34a05bcf8f64a0d9f5313de39f5e8b2112be12d7f1262c1160b3Ubuntu Security Notice USN-668-1 - Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. Jesse Ruderman discovered that Thunderbird did not properly guard locks on non-native objects. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. Several problems were discovered in the browser, layout and JavaScript engines. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. A flaw was discovered in Thunderbird's DOM constructing code. If a user were tricked into opening a malicious website while having JavaScript enabled, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could execute JavaScript in the context of a different website. Chris Evans discovered that Thunderbird did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. Boris Zbarsky discovered that Thunderbird did not properly process comments in forwarded in-line messages. If a user had JavaScript enabled and opened a malicious email, an attacker may be able to obtain information about the recipient.
93c13caf984544b75658e4212d7aaa699eb879c7bc04c2105c1fd518f47587d5Debian Security Advisory 1671-1 - Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser.
c5a78f55c14b26a68e81841d5360df0539f188aeeb9f349c63487740de70a5a8Mandriva Linux Security Advisory 2008-235 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.18. This update provides the latest Thunderbird to correct these issues.
44036de256b0e04eb1de81b4d8a4440f06f4eb36e8dc7c04a8a72dea9cd3a984Ubuntu Security Notice USN-667-1 - A large amount of vulnerabilities have been addressed in Firefox. Flaws such as information disclosure, bypassing of same-origin checks, arbitrary code execution, and more exist in prior versions.
3539bbffe716c66f61f4752616fc676ae59204f98ea1fa83c48246d195046fbbMandriva Linux Security Advisory 2008-230 - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4. This update provides the latest Mozilla Firefox 3.x to correct these issues.
cd12dfa15bcb2ac0c25d66d11ff5cdbdabd4a8e11943b79c78f4fd30d75a880cMandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18.
1fc998809fc853d4ec354eccd0d4b35d156ad52fd46b64972d48908e0ba6e2c3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed