openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-192)

Mozilla Thunderbird was updated to 2.0.0.16. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5680)

This patch backports security fixes found in MozillaThunderbird 2.0.0.17 back to the 1.5 Thunderbird used in openSUSE 10.2. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The...

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5450)

MozillaFirefox was updated to version 2.0.0.16, which fixes various bugs and following security issues : - An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently...

Microsoft IE CSS标签内存破坏漏洞（MS07-033）

Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer在处理网页中的CSS标签时存在内存破坏漏洞，成功利用此漏洞的攻击者可能完全控制受影响的系统。 攻击者可以通过构建特制的网页来利用该漏洞，当用户查看网页时，该漏洞可能允许远程执行代码。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 临时解决方法： 以纯文本格式阅读邮件消息以防范HTML邮件攻击。 厂商补丁： Microsoft ---------...

Integer overflow

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow...

Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow

/ Taken from http://www.securiteam.com/exploits/5NP042KF5A.html The exploit will create a .CSS file that should be included in an HTML file. When a user loads the HTML file, Internet Explorer will try to parse the CSS and will trigger the buffer overflow. / //Exploit Code: include include include...

Microsoft Internet Explorer contains a buffer overflow in CSS parsing

Overview A buffer overflow vulnerability exists in the way that Microsoft Internet Explorer processes Cascading Style Sheets CSS. This may allow an attacker to execute arbitrary code or cause a denial of service. Description CSS is a mechanism for adding style to web documents. Microsoft Internet...

Security Advisory: CSS Vulnerability in Web Froums Server 1.6

Security Advisory: CSS Vulnerability in Web Froums Server 1.6 Data: 27.01.2004 Application: Web Froums Server 1.6 Vendor: www.minihttpserver.net Versions: 1.6 and Shareware : Platforms: Windows Bug: JS/HTML code injection. Risk: Low Mini-description for Forums Web Server v1.6: "WebForums Server...

Lycos HTMLGear - guestGear CSS HTML Injection

source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbook entries, which would be rendere...

CVE-2002-0205

The CVE-2002-0205 entry describes a cross‑site scripting (XSS) flaw in Plumtree Corporate Portal 3.5–4.5, where an attacker could inject arbitrary script via the Description parameter in error.asp, potentially affecting other clients. The affected product/component is Plumtree Corporate Portal (e...

CVE-2001-0948

CVE-2001-0948 affects ValiCert Enterprise Validation Authority (EVA) versions 3.3–4.2.1 . A cross‑site scripting flaw allows remote attackers to cause arbitrary code execution or display false information by injecting HTML/script into a certificate’s description, which runs when the certificate i...