Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2011-2981

Status Candidate

Overview

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Related Files

Ubuntu Security Notice USN-1185-1
Posted Aug 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
MD5 | e14fa973dcf6455d2f9e6034cca36188
Debian Security Advisory 2297-1
Posted Aug 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2297-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
MD5 | 9d44d289bf13fe2691146dd955834316
Ubuntu Security Notice USN-1184-1
Posted Aug 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1184-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. Various other issues were also addressed.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
MD5 | 95fb43f7c003971a73428d65fbb9b987
Debian Security Advisory 2296-1
Posted Aug 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2296-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
MD5 | 0837930e5c02cb917fe95572c61860da
Mandriva Linux Security Advisory 2011-127
Posted Aug 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-127 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-2982, CVE-2011-0084, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984, CVE-2011-2980, CVE-2011-2983
MD5 | 980b6d7757412876142e7222aa6a3643
Debian Security Advisory 2295-1
Posted Aug 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2295-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
MD5 | 2bef295ab50108ee06139d713888765d
Red Hat Security Advisory 2011-1164-01
Posted Aug 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1164-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A dangling pointer flaw was found in the Firefox Scalable Vector Graphics text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984
MD5 | dc53ea37a98b094482e3342b3b8c54d0
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close