what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2011-0054

Status Candidate

Overview

Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.

Related Files

Ubuntu Security Notice USN-1123-1
Posted Apr 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1123-1 - A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, code execution, xss
systems | linux, ubuntu
advisories | CVE-2010-3776, CVE-2010-3778, CVE-2011-0053, CVE-2011-0062, CVE-2011-0051, CVE-2011-0055, CVE-2011-0054, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2010-1585, CVE-2011-0059, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072, CVE-2011-0065, CVE-2011-0066, CVE-2011-0073, CVE-2011-0067, CVE-2011-0071, CVE-2011-1202
MD5 | 19bf2b5b7f2b9cc69998f3c55978d406
Debian Security Advisory 2186-2
Posted Mar 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2186-2 - The security update DSA-2186 issued for Iceweasel caused a regression in Vimperator, an Iceweasel extension to make it have vim look and feel. vimperator in stable has been updated to 2.3.1-0+squeeze1 to restore compatibility. Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059
MD5 | 1fb44aaa99cba7aabc32cba6243adc58
Debian Security Advisory 2187-1
Posted Mar 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2187-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059
MD5 | efb0cb420956b448c8999ab257f59e54
Debian Security Advisory 2186-1
Posted Mar 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2186-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059
MD5 | 6895be27a72ddfb78f85576a15c9463d
Ubuntu Security Notice USN-1049-2
Posted Mar 7, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062, CVE-2011-0056
MD5 | ed6a0c6776f2067a9a92b34fb4bbce08
Mandriva Linux Security Advisory 2011-041
Posted Mar 5, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-041 - Multiple vulnerabilities have been discovered and addressed in Firefox. Cross-site request forgery vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service via a long string that triggers construction of a long text run. Various other issues have also been addressed.

tags | advisory, remote, web, denial of service, overflow, arbitrary, vulnerability, csrf
systems | linux, windows, mandriva
advisories | CVE-2011-0059, CVE-2011-0061, CVE-2010-1585, CVE-2011-0058, CVE-2011-0057, CVE-2011-0056, CVE-2011-0054, CVE-2011-0055, CVE-2011-0051, CVE-2011-0062
MD5 | ee82fc7d9d7048ed838c97dc9b3fc7b9
Debian Security Advisory 2180-1
Posted Mar 3, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2180-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. Roberto Suggi Liverani discovered that the sanitizing performed by ParanoidFragmentSink was incomplete. Zach Hoffmann discovered that incorrect parsing of recursive eval() calls could lead to attackers forcing acceptance of a confirmation dialogue. Crashes in the layout engine may lead to the execution of arbitrary code. Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. Various other issues have also been addressed.

tags | advisory, overflow, arbitrary, javascript, vulnerability
systems | linux, debian
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059
MD5 | 608f5e8de92c924fb36ec3da91ba001e
Ubuntu Security Notice USN-1049-1
Posted Mar 3, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1049-1 - Multiple vulnerabilities have been addressed in the firefox and xulrunner packages. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. Various other issues have also been addressed.

tags | advisory, overflow, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062, CVE-2011-0056
MD5 | 87054462e41199608d331fcf628b8b8b
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    6 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close