all things security
Showing 1 - 4 of 4 RSS Feed

CVE-2011-3655

Status Candidate

Overview

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

Related Files

Ubuntu Security Notice USN-1282-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1282-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | 0f8be181a4741f28ef240fd3470242a0
Ubuntu Security Notice USN-1277-2
Posted Nov 24, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1277-2 - USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were addressed as well.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | 4c5cf8a2d6a455628518e110753cd9c8
Ubuntu Security Notice USN-1277-1
Posted Nov 24, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1277-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | ec1bbab85b1672ddd6bdab441702f7fd
Mandriva Linux Security Advisory 2011-169
Posted Nov 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-169 - Security issues were identified and fixed in mozilla NSS, firefox and thunderbird. 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority has been revoked from the root CA storage. Untrusted search path vulnerability in Mozilla Network Security Services might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. Cross-site scripting vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, local, root, trojan, xss
systems | linux, mandriva
advisories | CVE-2011-3640, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | e1ba60163ff2de637296e552394bcc62
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close