what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

CVE-2011-2999

Status Candidate

Overview

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.

Related Files

Debian Security Advisory 2317-1
Posted Oct 5, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2317-1 - Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection.

tags | advisory, arbitrary, javascript
systems | linux, debian
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
MD5 | 4bcc6df353f5529680e8b4eacc49018f
Ubuntu Security Notice USN-1222-2
Posted Oct 5, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2997, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3002, CVE-2011-3003, CVE-2011-3004, CVE-2011-3005, CVE-2011-3232
MD5 | fe8da750dc6f6f1bb50dab992eb82d82
Mandriva Linux Security Advisory 2011-141
Posted Oct 2, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-141 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2997, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3002, CVE-2011-3003, CVE-2011-3004, CVE-2011-3005, CVE-2011-3232, CVE-2011-3867
MD5 | 9c9fc71342ab807d86e7889fcea66ac1
Mandriva Linux Security Advisory 2011-140
Posted Oct 2, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-140 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2999, CVE-2011-3000
MD5 | a5f2338c7470499e84abb64e2965a1e9
Mandriva Linux Security Advisory 2011-139
Posted Oct 2, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-139 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, javascript, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3867
MD5 | 1ff3d34440b5193ade69ea4a9c33a247
Ubuntu Security Notice USN-1222-1
Posted Sep 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2997, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3002, CVE-2011-3003, CVE-2011-3004, CVE-2011-3005, CVE-2011-3232
MD5 | 18eaedd819de16906bb6ee55d9fdded3
Debian Security Advisory 2313-1
Posted Sep 29, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2313-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
MD5 | 9715e7886f6bef350c41edfcd615f1ae
Debian Security Advisory 2312-1
Posted Sep 29, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
MD5 | 15e7f94d61ddd429cbd7a0cfafdbc482
Red Hat Security Advisory 2011-1344-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1344-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, arbitrary, local, javascript
systems | linux, redhat
advisories | CVE-2011-2998, CVE-2011-2999
MD5 | 4aa7c0c184940dfe96df18044d99380b
Red Hat Security Advisory 2011-1343-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary, local, javascript
systems | linux, redhat
advisories | CVE-2011-2998, CVE-2011-2999
MD5 | 4d6cde7b4ebe28ba40dcff0ceca6125d
Ubuntu Security Notice USN-1213-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2999, CVE-2011-3000
MD5 | 985adad35bdb8af5c09e8fbf916aa443
Red Hat Security Advisory 2011-1342-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
MD5 | 7324394487fc6d3372a2e96cb643ac72
Red Hat Security Advisory 2011-1341-01
Posted Sep 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
MD5 | d2c7e7e5247983f92df96feda5d4bcaf
Ubuntu Security Notice USN-1210-1
Posted Sep 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001
MD5 | f6a9c46e28c67f6f744d937892e1a600
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close