Exploit the possiblities
Showing 1 - 8 of 8 RSS Feed

CVE-2012-1945

Status Candidate

Overview

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

Related Files

Ubuntu Security Notice USN-1463-6
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441
MD5 | bb09cb9aabd37916d4dcc9d37bdc2d5a
Mandriva Linux Security Advisory 2012-088-1
Posted Jun 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Various other issues have also been addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
MD5 | 1dcf1ded37eb2e639269faf984d889b0
Ubuntu Security Notice USN-1463-4
Posted Jun 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441, CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
MD5 | 03979ae4b8627700fc48bd1844652d4a
Ubuntu Security Notice USN-1463-3
Posted Jun 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-3 - USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441
MD5 | 1c4c5e3b639e47e8ee7f15965229aa2d
Mandriva Linux Security Advisory 2012-088
Posted Jun 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
MD5 | 0505f778c173a80b2a04c94cae35f2af
Red Hat Security Advisory 2012-0715-01
Posted Jun 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
MD5 | 80ca5f566c9f6e2c8c5379209545a0b5
Ubuntu Security Notice USN-1463-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441, CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
MD5 | 1311949c7eef4a0f68c3f027698b34e3
Red Hat Security Advisory 2012-0710-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0710-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
MD5 | fffd5b4c1d3eb173d69f16851930053b
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    14 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close