mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-80...

Solving rendering performance puzzles

You're missing demos in this post because JavaScript or inline SVG isn't available. The Chrome team are often asked to show the process of debugging a performance issue, including how to select tools and interpret results. Well, I was recently hit by an issue that required a bit of digging, here'...

Animated line drawing in SVG

There's a demo you're missing here because JavaScript or inline SVG isn't available. I like using diagrams as a way of showing information flow or browser behaviour, but large diagrams can be daunting at first glance. When I gave talks about the Application Cache and rendering performance I start...

CVE-2013-0905

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation...

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation...

CVE-2013-0905

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation...

CVE-2013-0905

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation...

CVE-2013-0905

CVE-2013-0905 is a Google Chrome use-after-free vulnerability in SVG animations (frame loader) that could cause a denial of service or possibly other impact. Affected are Chrome versions prior to 25.0.1364.152. Remediation per the sources is to upgrade to the latest Chrome release (patches addres...

CVE-2013-0905

Removed by vendor...

Apple QuickTime 视频文件缓冲区溢出漏洞

CVE ID: CVE-2012-3756 QuickTime是由苹果电脑所开发的一种多媒体架构，能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式，以及交互式全景影像的数项类型。 QuickTime在处理特制PM4文件内的'rnet'框时存在缓冲区溢出漏洞，可导致应用意外终止或任意代码执行。 0 Apple Quicktime 7.x 厂商补丁： Apple ----- 请更新到QuickTime 7.7.3： APPLE-SA-2012-11-07-1：QuickTime 7.7.3 链接：http://www.apple.com/quicktime/download/...

[SECURITY] Fedora 18 Update: blender-2.63a-9.fc18

Blender is the essential software solution you need for 3D, from modeling, animation, rendering and post-production to interactive creation and playba ck. Professionals and novices can easily and inexpensively publish stand-alone, secure, multi-platform content to the web, CD-ROMs, and other medi...

Mandriva Update for mozilla MDVSA-2012:032-1 (mozilla)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

openSUSE: Security Advisory for seamonkey (openSUSE-SU-2012:0007-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE Update for seamonkey openSUSE-SU-2012:0039-1 (seamonkey)

Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201200391.nasl 8267 2018-01-02 06:29:17Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0039-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

SuSE Update for seamonkey openSUSE-SU-2012:0007-1 (seamonkey)

Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201200071.nasl 8253 2017-12-28 06:29:51Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0007-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Scientific Linux Security Update : tcltk on SL3.x i386/x86_64

An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of...

Ubuntu Update for thunderbird USN-1343-1

Ubuntu Update for Linux kernel vulnerabilities USN-1343-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for thunderbird USN-1343-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net...

CVE-2012-0457

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might...

Design/Logic Flaw

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might...

CVE-2012-0457

CVE-2012-0457 is a use-after-free in the Firefox DOM/SVG handling: the nsSMILTimeValueSpec::ConvertBetweenTimeContainer path can be triggered via SVG animations to allow remote code execution. Affected products and versions per sources include Mozilla Firefox before 3.6.28 and 4.x through 10.0, F...