Ubuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.
3bea20b83e873bb59e3d9af80b0cc255aa984c156e6a4adaa8824c99f68f671fDebian Linux Security Advisory 2273-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
2ef146aca09d233410ab44c6e1c9973fa960736b2e7f412227bd5dcfb267e6ffDebian Linux Security Advisory 2269-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
0e5343abc1896f7a308f56fd04001172045bc0e7f0ffe2d0e664fd3a2504db18Debian Linux Security Advisory 2268-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.
fdb142688bfe19e8679d683ddce476c6dcb23df5edca080537dca630652d30e5Ubuntu Security Notice 1149-1 - Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
f55fddce9d2bddcb039c6598e1e5566ab72817a1185ebc7d254888c12c8d5f6fMandriva Linux Security Advisory 2011-111 - Security issues were identified and fixed in mozilla firefox and thunderbird. Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. Various other issues were also addressed.
f7dd994ed60b9ada7310c8c1c6924839daffb71af4e1d407d023ec1f99cea07eRed Hat Security Advisory 2011-0888-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled malformed JPEG images. A website containing a malicious JPEG image could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Multiple dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Various other issues were also addressed.
cf245aeab870061e8a04bb658d1aeb2eb9c68ca491892c4694343a4d3a10f713Red Hat Security Advisory 2011-0887-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Various other issues were also addressed.
9b19bbc8ce01c3252aefbef54859840c0b7f03a9f2dfeb6997df0e8f492f7c69Red Hat Security Advisory 2011-0886-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Various other issues were also addressed.
2f08736e99b36ce03da9395cd8ab87d3d207f194e7beb67d720c533ec1ea2b75Red Hat Security Advisory 2011-0885-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Various other issues were also addressed.
dc41b785f8118ecc6aabf2b2e57dd5dc4c56abcf1d3b4c786817c2ed955e7911Zero Day Initiative Advisory 11-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG polygon objects. The code within nsSVGPointList::AppendElement() does not account for user defined getter methods modifying or destroying the parent object during a repaint. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.
a82536d4f4f1ff9da734433f61f9747354275bf65dee5fc17e6eb93f275febce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed