97 matches found
SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)
The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...
Mozilla Firefox - Location Bar Spoofing
Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY Date: 2009-12-18 Author: Jordi Chancel Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html Version: Mozilla Firefox 3.0.15 & 3.5.5 Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK CVE :...
Firefox内容注入网页欺骗漏洞
BUGTRAQ ID: 37370 CVE ID: CVE-2009-3985 Firefox是一款流行的开源WEB浏览器。 恶意网页可以将document.location设置为无法正确显示的URL,然后向所生成的空白页中注入内容。攻击者可以利用这个漏洞在地址栏中放置看起来合法但实际上无效的URL,并向页面中注入HTML和JavaScript,执行欺骗攻击。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 厂商补丁: Debian ------...
Mozilla Firefox - Location Bar Spoofing
Mozilla Firefox - Location Bar Spoofing Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY Date: 2009-12-18 Author: Jordi Chancel Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html Version: Mozilla Firefox 3.0.15 & 3.5.5 Tested on: Windows XP-VISTA-SEVEN...
Mozilla Firefox Location Bar Spoofing Vulnerability
No description provided by source. Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY Date: 2009-12-18 Author: Jordi Chancel Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html Version: Mozilla Firefox 3.0.15 & 3.5.5 Tested on: Windows XP-VISTA-SEVEN &...
Fedora 12 : seamonkey-2.0.1-1.fc12 (2009-13362)
Update to new upstream SeaMonkey version 2.0.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.htmlseamonkey2.0.1 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985...
Fedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)
Update to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.htmlfirefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox /...
CVE-2009-3985
CVE-2009-3985 affects Mozilla Firefox prior to 3.0.16 and 3.5.x prior to 3.5.6, and SeaMonkey prior to 2.0.1. The issue allows remote attackers to cause spoofing by setting document.location to the vulnerable URL and then writing arbitrary script/HTML to the associated blank document, enabling co...
Mozilla Foundation Security Advisory 2009-69
Mozilla Foundation Security Advisory 2009-69 Title: Location bar spoofing vulnerabilities Impact: Moderate Announced: December 15, 2009 Reporter: Jonathan Morgan, Jordi Chancel Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1 Description Security researcher...
CVE-2009-3985
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to...
Stack overflow
Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to...
CVE-2008-3985
CVE-2008-3985 affects Oracle E-Business Suite 12.0.4 via the Oracle Applications Technology Stack component. Public details indicate a remote-authenticated/unauthenticated access risk to confidentiality from unknown vectors. The issue is addressed in Oracle’s CPU Oct 2008 advisory (CPUOCT2008) wi...
CVE-2007-3985
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to download arbitrary files via a .. dot dot in the name parameter...
CVE-2007-3985
The CVE-2007-3985 issue affects Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3, where the file.cgi script fails to sanitize the name parameter. This enables a directory traversal attack (".." in the name) allowing remote attackers to download arbitrary files from ...
CVE-2006-3985
CVE-2006-3985 affects ConeXware PowerArchiver 9.62.03 via DZIPS32.DLL 6.0.0.4, where a stack-based buffer overflow occurs when a crafted ZIP archive containing a long-named file is processed. This allows a user‑assisted attacker to execute arbitrary code. The connected records confirm the vulnera...
CVE-2006-3985
Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name...
CVE-2005-3985
The CVE-2005-3985 entry concerns the Internet Key Exchange v1 (IKEv1) implementation in Astaro Security Linux prior to 6.102, which can be triggered by crafted IKE packets to cause a denial of service and possibly arbitrary code execution; the advisory notes uncertainty about whether CVE-2005-366...