Firefox version 50.0.1 full ASLR and DEP bypass exploit using ASM.JS JIT-spray.
86cecd285d657c050c53a7f7a6a47081e1bc4db32994a106122cf7a3a0d39213This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
af960164b10f4978888d3c2dcdca0041f4f8d2e33bf4bb4404e345fe8ea3e6b9Gentoo Linux Security Advisory 201701-35 - Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.46-r1 are affected.
edb4103926996cc60bdbdba4e04c9d073a6b3369fcdbbd4d3088d21fac388142Debian Linux Security Advisory 3730-1 - Multiple security issues have been found in Icedove, Debian's version of same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.
1f5058909d3b0d5663a8bd4c592827d4b9971ab4d1592c8532083a9575a01b7bRed Hat Security Advisory 2016-2850-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
f2b5168d74f1e0e5d96b19992b90ed1ad3a05d346e5ddc46d229fe84bb406be4Red Hat Security Advisory 2016-2843-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
435dfe9352257dc57f397cc39e899cbaf3481b14535753a62444cd16c0d57442Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
4a3a2a66035388a0a73ba252d401b73840b1c52eb41d1688bc971fd062d4288eUbuntu Security Notice 3141-1 - Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
0156c492b9961af8947272769020c060ab5812598c1fcfa320436988f5460391Ubuntu Security Notice 3140-1 - It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
f75f1de4f2150a8b347c4b8f5b7f8c787811b1e039813e9fee9dafd967bf9ec3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed