Debian Linux Security Advisory 2556-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
dae9e88472f489701a9a4c3c26908271b44a466bf658731b487c1aa4c4bed850Ubuntu Security Notice 1551-2 - USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems.
1602967884ed018b65f06beb0b383b585f12b939f434d554e8f41f7ebbb61865Debian Linux Security Advisory 2554-1 - Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey.
367c4b80049e02adfcc8609be2a22ae776fe78a36fec636dc2cbf3dc28e9b0afDebian Linux Security Advisory 2553-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
ce64bacbc98340e5a363b5f1562cc53ee3c7b580b65eeed9f484cef84f2efa1aUbuntu Security Notice 1548-2 - USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
dfaba959f6502b040fab156a51640bd5873540cd3fb41bf5a80683ee08d50f11Ubuntu Security Notice 1551-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
c4e43e8c6418c4f1f910b3c3afaea8c1d484fffcf4da3940e16208abd45dcd5dUbuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
ce87c21a6c2469f17ca24d7dcc65b9195b43b4503dfb480587baa3201f6d1112Mandriva Linux Security Advisory 2012-147 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other vulnerabilities were also addressed.
ac842d060e5a71fbd19379a59603aad1eb68341ea634c795cd15a6abd94be521Mandriva Linux Security Advisory 2012-146 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Various other issues have also been addressed.
d9b0e412f5ed192520dfac9c307c9df27ba2b4bccfafea9d868885005ffef2ebRed Hat Security Advisory 2012-1211-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malicious Scalable Vector Graphics image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
8c97839258033a6c0ad46097a7e78aa875b3917ef4f5ccb91b32af7bc915816eRed Hat Security Advisory 2012-1210-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a malicious Scalable Vector Graphics image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
9b5a9cea8f65e07fb2da4b3a175b7587efbc9e0360d69000b2ead87872003321
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed