ignore security and it'll go away
Showing 1 - 14 of 14 RSS Feed

CVE-2011-2371

Status Candidate

Overview

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

Related Files

Mozilla Firefox 4.0.1 Integer Overflow
Posted Feb 27, 2012
Authored by pa_kt

Mozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.

tags | exploit, overflow
advisories | CVE-2011-2371
MD5 | 7b1de00624beb0c2e001fc131c1ec90c
Mozilla Firefox Array.reduceRight() Integer Overflow
Posted Oct 14, 2011
Authored by Chris Rohlf, Matteo Memelli, sinn3r, dookie2000ca, Yan Ivnitskiy | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2371
MD5 | 8f671993e315b396062e0dd7604ee0b8
Mozilla Firefox Integer Overflow
Posted Oct 13, 2011
Authored by Matteo Memelli

Mozilla Firefox Integer Overflow | Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.

tags | exploit, overflow
advisories | CVE-2011-2371
MD5 | 0c130b815fbf67b41e790fd6a0e12dee
Ubuntu Security Notice USN-1150-1
Posted Jul 16, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.

tags | advisory, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2365, CVE-2011-2374, CVE-2011-2376, CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376, CVE-2011-2377
MD5 | 4c16eeb5bca0f2eb1af17bfc737f43ec
Debian Security Advisory 2273-1
Posted Jul 7, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2273-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376
MD5 | d5bbe88411aceedf2e2e6f036e80ca58
Debian Security Advisory 2269-1
Posted Jul 1, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2269-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376
MD5 | feeeafec478e923ac8fbc7500c000c2b
Debian Security Advisory 2268-1
Posted Jul 1, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2268-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376
MD5 | 6277a36a43fc5908cddbbc271fa10f2c
Ubuntu Security Notice USN-1157-3
Posted Jun 24, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1157-3 - USN-1157-1 fixed vulnerabilities in Firefox. Unfortunately, this update produced the side effect of pulling in Firefox on some systems that did not have it installed during a dist-upgrade due to changes in the Ubuntu language packs. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2366, CVE-2011-2367, CVE-2011-2368, CVE-2011-2369, CVE-2011-2370, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2377
MD5 | d1423013688e59c7376e90eba56d3a40
Ubuntu Security Notice USN-1149-1
Posted Jun 23, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1149-1 - Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2374, CVE-2011-2376, CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376, CVE-2011-2377
MD5 | c086cdcd68a591f8113fc4b575b8dfbf
Mandriva Linux Security Advisory 2011-111
Posted Jun 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-111 - Security issues were identified and fixed in mozilla firefox and thunderbird. Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2363, CVE-2011-2362, CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2371, CVE-2011-2373, CVE-2011-2377
MD5 | f5633737bf946d9a4e73d21a0ecc860b
Ubuntu Security Notice USN-1157-1
Posted Jun 23, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1157-1 - Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2366, CVE-2011-2367, CVE-2011-2368, CVE-2011-2369, CVE-2011-2370, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2377
MD5 | aa7bbed6b20c618bb3f5f1926ca4c970
Red Hat Security Advisory 2011-0888-01
Posted Jun 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0888-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled malformed JPEG images. A website containing a malicious JPEG image could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Multiple dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
MD5 | 3d0e857d9505498b4ad60d4273c873da
Red Hat Security Advisory 2011-0887-01
Posted Jun 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0887-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
MD5 | dbf41c54c7ab3356c64081d2b66803d6
Red Hat Security Advisory 2011-0885-01
Posted Jun 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0885-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
MD5 | 144c083c0c643003226045ac5ceb6191
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close