Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.
8301227408abf61ea4f87c4aa97eee456073e86bfc0c62d51ee575bd80b3da0fMandriva Linux Security Advisory 2012-052 - If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
5e6449c8bdacb71b6946d59bfce8358093914ffcbcc0ff899b2ec60227c3101fMandriva Linux Security Advisory 2012-051 - A specially-crafted Ogg Vorbis media format file could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
9793fc28c913f8fe59854d199f4a309e80a747af5460f53d3067bda0987f33b3Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
7572d0921c52a9da06d9150dd67b360cba58cfca335266d4be573a006fe6cbabDebian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.
cce5a79648e5316a1c38d7be1c1477b0b4494c2b17ee75a2f131b6758b053a72Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.
cce5a79648e5316a1c38d7be1c1477b0b4494c2b17ee75a2f131b6758b053a72Ubuntu Security Notice 1369-1 - Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
828f494e34eb5a1f78ece739fb1b1d40cd48f816fcc1acab7510901c4f61b8a8Red Hat Security Advisory 2012-0136-01 - The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
a7c0d3490864f1b414b91819fc65ca0f07506a135da1b6cae025b0ee2e2d093cDebian Linux Security Advisory 2406-1 - Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.
8c380c84934737b4f02c7cf785dbda1b2cc651735d0eb54d87525fbaa5777161Ubuntu Security Notice 1350-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
3a7babbefbe9cbb03790441cebecf40e07b5710bf32e3a7246c6fd5201f6997eUbuntu Security Notice 1353-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. Various other issues were also addressed.
f7a6b949074bf0235212ff0d3703dbf9cbeb0609ef5ab85127770d38e309ed10Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.
5c13b7ef97165e75959f465d2ce9e3b748e6c52f37c5fb1421c22c9982237007Ubuntu Security Notice 1355-1 - It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
7c86a4200c1cdd5ec495e92bba3e2afcc5e13d73d936f2b664424e9313d4a442Ubuntu Security Notice 1355-2 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
62f3881e6cd502ee7165e7fac91f4e1740fb29a4f3934a23bb74f7d9d7782398Ubuntu Security Notice 1355-3 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
2a1f3d1aba1379136bb62f0ebddb2710919d4326c73b90769f1c54518649f6b3Debian Linux Security Advisory 2402-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
f7f7b7d14f242917b8c9c29325d2201bc5a13f9d2f1a43f78eed23b9e91a0038Debian Linux Security Advisory 2400-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
7006936160ec6a7163ea6ad37310b26604ff1fcc3095ba5d211b939d095f7887Red Hat Security Advisory 2012-0079-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
5a9313a4bbcfdfd051864822e683b63a5dfa82f6cc48e647569aa9163e8b5bfe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed