Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.
45f0606cdf50c63612fe075a15b23fbeb663ddfc86721985a414ed37a510c2ddDebian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
092cd6fcae7be8a7336bf071b7e24a49ce0e54b973c54ce339cf692b2a748f70Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.
5419ae4fb245c6c535395ea9b94b38b179ed987669180fa8c3c08cbbe2746990Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
1bc694bb7364fe045af2c603420b4ce5c13f78d79389c7548df6bc16771c9714Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
503b3e80fd666c5b552b19fdd7eca8d7aca2731d1cbcf9e0be54a272cdad137fUbuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed.
102cde32fa8d891e54788fea852e8b6a825b5afe8a3b7b8afa40b6db0cea7fcf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed