Mozilla Firefox version 4.0.1 Array.reduceRight() integer overflow exploit.
7765d8391885eb46e7e47c01a9ee30c61bc0afc6001023851f365b67c51d6eae
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6
Mozilla Firefox Integer Overflow | Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.
b0d79a9af8ab6b14c5febfcb8aae8db449fcd6cc78eecbb021905dadaa2e2e0e
Ubuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.
3bea20b83e873bb59e3d9af80b0cc255aa984c156e6a4adaa8824c99f68f671f
Debian Linux Security Advisory 2273-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
2ef146aca09d233410ab44c6e1c9973fa960736b2e7f412227bd5dcfb267e6ff
Debian Linux Security Advisory 2269-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
0e5343abc1896f7a308f56fd04001172045bc0e7f0ffe2d0e664fd3a2504db18
Debian Linux Security Advisory 2268-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.
fdb142688bfe19e8679d683ddce476c6dcb23df5edca080537dca630652d30e5
Ubuntu Security Notice 1157-3 - USN-1157-1 fixed vulnerabilities in Firefox. Unfortunately, this update produced the side effect of pulling in Firefox on some systems that did not have it installed during a dist-upgrade due to changes in the Ubuntu language packs. This update fixes the problem.
1f06eaaf0e9e4c10be161a5015eab74c9ebe632a8a649a51c954db744e7eed54
Ubuntu Security Notice 1149-1 - Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
f55fddce9d2bddcb039c6598e1e5566ab72817a1185ebc7d254888c12c8d5f6f
Mandriva Linux Security Advisory 2011-111 - Security issues were identified and fixed in mozilla firefox and thunderbird. Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. Various other issues were also addressed.
f7dd994ed60b9ada7310c8c1c6924839daffb71af4e1d407d023ec1f99cea07e
Ubuntu Security Notice 1157-1 - Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
6901bd3bd698c3f992c925348a9980fc10a18121095e9376894d341d91280f14
Red Hat Security Advisory 2011-0888-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled malformed JPEG images. A website containing a malicious JPEG image could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Multiple dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. Various other issues were also addressed.
cf245aeab870061e8a04bb658d1aeb2eb9c68ca491892c4694343a4d3a10f713
Red Hat Security Advisory 2011-0887-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Various other issues were also addressed.
9b19bbc8ce01c3252aefbef54859840c0b7f03a9f2dfeb6997df0e8f492f7c69
Red Hat Security Advisory 2011-0885-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Various other issues were also addressed.
dc41b785f8118ecc6aabf2b2e57dd5dc4c56abcf1d3b4c786817c2ed955e7911