what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2012-1956

Status Candidate

Overview

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.

Related Files

Red Hat Security Advisory 2012-1350-01
Posted Oct 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1350-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.

tags | advisory, web, arbitrary, code execution, info disclosure
systems | linux, redhat
advisories | CVE-2012-1956, CVE-2012-3982, CVE-2012-3986, CVE-2012-3988, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188
SHA-256 | c8d7292c8a6e60864621280d45d831aa43f4c5b9661f6df6ad09a301b22438f6
Red Hat Security Advisory 2012-1351-01
Posted Oct 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.

tags | advisory, arbitrary, code execution, info disclosure
systems | linux, redhat
advisories | CVE-2012-1956, CVE-2012-3982, CVE-2012-3986, CVE-2012-3988, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188
SHA-256 | 04a92bb829de1fb8dac97dcd040a06a8fa9a0030cb8e56101023c6d8cd50f381
Ubuntu Security Notice USN-1551-2
Posted Sep 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1551-2 - USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-1956, CVE-2012-3966, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980
SHA-256 | 1602967884ed018b65f06beb0b383b585f12b939f434d554e8f41f7ebbb61865
Ubuntu Security Notice USN-1548-2
Posted Sep 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1548-2 - USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-1956, CVE-2012-3965, CVE-2012-3966, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980
SHA-256 | dfaba959f6502b040fab156a51640bd5873540cd3fb41bf5a80683ee08d50f11
Ubuntu Security Notice USN-1551-1
Posted Aug 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1551-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-1956, CVE-2012-3966, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980, CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957
SHA-256 | c4e43e8c6418c4f1f910b3c3afaea8c1d484fffcf4da3940e16208abd45dcd5d
Ubuntu Security Notice USN-1548-1
Posted Aug 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-1956, CVE-2012-3965, CVE-2012-3966, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980, CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976
SHA-256 | ce87c21a6c2469f17ca24d7dcc65b9195b43b4503dfb480587baa3201f6d1112
Mandriva Linux Security Advisory 2012-147
Posted Aug 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-147 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other vulnerabilities were also addressed.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss
systems | linux, mandriva
advisories | CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3974, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980
SHA-256 | ac842d060e5a71fbd19379a59603aad1eb68341ea634c795cd15a6abd94be521
Mandriva Linux Security Advisory 2012-145
Posted Aug 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-145 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other issues have also been addressed.

tags | advisory, xss
systems | linux, mandriva
advisories | CVE-2012-1956, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976
SHA-256 | 9fbb0084a57f0671e6c2c0ce4d1e2841a703b2cf91116f2f1ffd7567ef4804dc
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close