exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2011-0084

Status Candidate

Overview

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

Related Files

Ubuntu Security Notice USN-1185-1
Posted Aug 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
SHA-256 | 7d623d64d770f510ca059e7b6d7b019b181306370d0337f8cb840cf9be294609
Debian Security Advisory 2297-1
Posted Aug 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2297-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
SHA-256 | bf80bb2acbfee25ec2d61f3cea47b4dcc44dfe0a8b8e4b570d6578844a6e66ee
Ubuntu Security Notice USN-1184-1
Posted Aug 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1184-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. Various other issues were also addressed.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
SHA-256 | 68d9b382506952648bd218d1ae83ec8905473437b4d223001330b9f822868ae1
Debian Security Advisory 2296-1
Posted Aug 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2296-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
SHA-256 | a4404b9fb18f9a350bb2b2371d3cac0a81db85327706b6a845580692d565c690
Mandriva Linux Security Advisory 2011-127
Posted Aug 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-127 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-2982, CVE-2011-0084, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984, CVE-2011-2980, CVE-2011-2983
SHA-256 | e421d304f51c8cb168d09ef596f40ef0cdd2c492c171c10d2d3e026d7478b0d7
Ubuntu Security Notice USN-1192-1
Posted Aug 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1192-1 - Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2011-0084, CVE-2011-2985, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2990, CVE-2011-2991, CVE-2011-2992, CVE-2011-2993
SHA-256 | fd0dbc52704b7de27d589a9b373d2248010c2f4ec11b9682f224be9222b632fe
Zero Day Initiative Advisory 11-270
Posted Aug 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-270 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0084
SHA-256 | 0f368d6df5a7ffd0df32d49af6804ae79620976925fef31f93bc05c7ebc777ee
Debian Security Advisory 2295-1
Posted Aug 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2295-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
SHA-256 | 95219bca0ef6e4dde58235d45a45ea554744df01190f82f59e0dd3dc26f57eaf
Red Hat Security Advisory 2011-1166-01
Posted Aug 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2982
SHA-256 | d07229aa2330f70302700aa4bfbf13bacc4cf2d26907cbd137d72e160c3cfdd4
Red Hat Security Advisory 2011-1164-01
Posted Aug 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1164-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A dangling pointer flaw was found in the Firefox Scalable Vector Graphics text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
SHA-256 | 773f2e4dd7737076c22577213e613c524818da6fe7791e5fcf2502dfd46dc22c
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close