seeing is believing
Showing 1 - 7 of 7 RSS Feed

CVE-2012-5841

Status Candidate

Overview

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

Related Files

Ubuntu Security Notice USN-1638-3
Posted Dec 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-3 - USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-5837, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838
MD5 | 39bc1fdac43e55818142caa5f97c5357
Mandriva Linux Security Advisory 2012-173
Posted Nov 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-173 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-5842, CVE-2012-4202, CVE-2012-4201, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-5833, CVE-2012-5835
MD5 | 9df0efcb9060ea60d916e2e7aca5a183
Ubuntu Security Notice USN-1638-2
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838
MD5 | c6fded06c47bd2b26e5046d9ccb8e0cb
Ubuntu Security Notice USN-1636-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-4201, CVE-2012-4202, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214
MD5 | 39c8058fa43757747f6dbd379002ec55
Ubuntu Security Notice USN-1638-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838, CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209
MD5 | 498864cbc609ba81e7d68e93add966a8
Red Hat Security Advisory 2012-1482-01
Posted Nov 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1482-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A buffer overflow flaw was found in the way Firefox handled GIF images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4201, CVE-2012-4202, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842
MD5 | 9ad344a5e6cecc86013df95120983154
Red Hat Security Advisory 2012-1483-01
Posted Nov 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1483-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was found in the way Thunderbird handled GIF images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4201, CVE-2012-4202, CVE-2012-4207, CVE-2012-4209, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842
MD5 | e6e2a581e312b096e55fe25c42aa639a
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close