Ubuntu Security Notice 2119-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
5d3902230b50cfd2bd1b1b1aa5ebd526fbc1fd4a01b7b4e886ba19146d65c11bUbuntu Security Notice 2102-2 - USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem.
085d3227e717c4fbd89c5b5e3cb5eff85c21ea506f206c55ffa9a456ae32b368Ubuntu Security Notice 2102-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
0112eed2fceaf13b2542d6600afaeb7f15912d2d310028a88473ed6d7bf8838eDebian Linux Security Advisory 2858-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library.
3a4bb06a518cf1e26337e7a1c86410d103df0d9d3d8f00585f44f06686d82ab2Red Hat Security Advisory 2014-0133-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting attacks, or could potentially be used to gather authentication tokens and other data from third-party websites.
c5fcf6f9f6778d5a4422c57409d892d9ac6a1b02c051a83ed7f7a87f2571cca5Red Hat Security Advisory 2014-0132-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled error messages related to web workers. An attacker could use this flaw to bypass the same-origin policy, which could lead to cross-site scripting attacks, or could potentially be used to gather authentication tokens and other data from third-party websites.
bfb09b2347a74eaceb6441aeaf76d5d4f8817b0e0d9131ca81fafeb009e0988b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed