exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2012-0444

Status Candidate

Overview

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

Related Files

Zero Day Initiative Advisory 12-059
Posted Apr 10, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-0444
SHA-256 | 8301227408abf61ea4f87c4aa97eee456073e86bfc0c62d51ee575bd80b3da0f
Mandriva Linux Security Advisory 2012-052
Posted Apr 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-052 - If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0444
SHA-256 | 5e6449c8bdacb71b6946d59bfce8358093914ffcbcc0ff899b2ec60227c3101f
Mandriva Linux Security Advisory 2012-051
Posted Apr 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-051 - A specially-crafted Ogg Vorbis media format file could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3379, CVE-2012-0444
SHA-256 | 9793fc28c913f8fe59854d199f4a309e80a747af5460f53d3067bda0987f33b3
Ubuntu Security Notice USN-1370-1
Posted Feb 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0444
SHA-256 | 7572d0921c52a9da06d9150dd67b360cba58cfca335266d4be573a006fe6cbab
Debian Security Advisory 2412-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-0444
SHA-256 | cce5a79648e5316a1c38d7be1c1477b0b4494c2b17ee75a2f131b6758b053a72
Debian Security Advisory 2412-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-0444
SHA-256 | cce5a79648e5316a1c38d7be1c1477b0b4494c2b17ee75a2f131b6758b053a72
Ubuntu Security Notice USN-1369-1
Posted Feb 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1369-1 - Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0452, CVE-2011-3026, CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0452
SHA-256 | 828f494e34eb5a1f78ece739fb1b1d40cd48f816fcc1acab7510901c4f61b8a8
Red Hat Security Advisory 2012-0136-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0136-01 - The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0444
SHA-256 | a7c0d3490864f1b414b91819fc65ca0f07506a135da1b6cae025b0ee2e2d093c
Debian Security Advisory 2406-1
Posted Feb 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2406-1 - Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | 8c380c84934737b4f02c7cf785dbda1b2cc651735d0eb54d87525fbaa5777161
Ubuntu Security Notice USN-1350-1
Posted Feb 8, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1350-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0442, CVE-2011-3659, CVE-2012-0444, CVE-2012-0449, CVE-2011-3670, CVE-2011-3659, CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | 3a7babbefbe9cbb03790441cebecf40e07b5710bf32e3a7246c6fd5201f6997e
Ubuntu Security Notice USN-1353-1
Posted Feb 8, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1353-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0442, CVE-2011-3659, CVE-2012-0444, CVE-2012-0449, CVE-2011-3670, CVE-2011-3659, CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | f7a6b949074bf0235212ff0d3703dbf9cbeb0609ef5ab85127770d38e309ed10
Mandriva Linux Security Advisory 2012-013
Posted Feb 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
SHA-256 | 5c13b7ef97165e75959f465d2ce9e3b748e6c52f37c5fb1421c22c9982237007
Ubuntu Security Notice USN-1355-1
Posted Feb 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1355-1 - It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0450, CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0443, CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
SHA-256 | 7c86a4200c1cdd5ec495e92bba3e2afcc5e13d73d936f2b664424e9313d4a442
Ubuntu Security Notice USN-1355-2
Posted Feb 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1355-2 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0450, CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0443
SHA-256 | 62f3881e6cd502ee7165e7fac91f4e1740fb29a4f3934a23bb74f7d9d7782398
Ubuntu Security Notice USN-1355-3
Posted Feb 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1355-3 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0450, CVE-2012-0449, CVE-2012-0444, CVE-2012-0447, CVE-2012-0446, CVE-2011-3659, CVE-2012-0445, CVE-2012-0443
SHA-256 | 2a1f3d1aba1379136bb62f0ebddb2710919d4326c73b90769f1c54518649f6b3
Debian Security Advisory 2402-1
Posted Feb 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2402-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | f7f7b7d14f242917b8c9c29325d2201bc5a13f9d2f1a43f78eed23b9e91a0038
Debian Security Advisory 2400-1
Posted Feb 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2400-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | 7006936160ec6a7163ea6ad37310b26604ff1fcc3095ba5d211b939d095f7887
Red Hat Security Advisory 2012-0079-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0079-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | 5a9313a4bbcfdfd051864822e683b63a5dfa82f6cc48e647569aa9163e8b5bfe
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close