CentOS 5 / 6 : thunderbird (CESA-2012:1089)
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
USN-1509-1: Firefox vulnerabilities
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit...
thunderbird security update
CentOS Errata and Security Advisory CESA-2012:1089. An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...
firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2012:1088. Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CV...
Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted...
Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity rating...
Critical: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
CVE-2012-1961
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking...
CVE-2012-1964
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted...
X-Frame-Options header ignored when duplicated — Mozilla
Bugzilla developer Frédéric Buclin reported that the X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protecte...
Clickjacking of certificate warning page — Mozilla
Security researcher Matt McCutchen reported a clickjacking attack using the certificate warning page. A man-in-the-middle (MITM) attacker can use an iframe to display its own certificate error warning page (about:certerror) with the "Add Exception" button of a real warning page from a malicious...
Android Clickjacking Rootkit Demonstrated
Android Clickjacking Rootkit Demonstrated Mobile security researchers have identified an aspect of Android 4.0.4 Ice Cream Sandwich and earlier models that clickjacking rootkits could exploit. Researchers at NC State in the US have developed a proof-of-concept prototype rootkit that attacks the...
MediaWiki: Multiple vulnerabilities
Background: The MediaWiki wiki web application as used on wikipedia.org. Description: Multiple vulnerabilities have been discovered in mediawiki. Please review the CVE identifiers referenced below for details. Impact: MediaWiki allows remote attackers to bypass authentication, to perform imports fro...
Firefox < 13.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 13.0 and thus is potentially affected by the following security issues: - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes (CVE-2012-0441). - Multiple memory corruption errors exist...
Thunderbird < 13.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 13.0 and thus is potentially affected by the following security issues: - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes (CVE-2012-0441). - Multiple memory corruption errors exist...
Firefox < 13.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 13.0 and thus is potentially affected by the following security issues: - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes (CVE-2012-0441). - Two heap-based buffer overflows and one heap-base...
UI Randomization, Statistical Analysis Could End Clickjacking
A PayPal researcher argues in a new paper that a combination of randomized user interfaces and back-end screenshot comparison tools could effectively put an end to clickjacking attacks, one of the most prevalent online scams. Brad Hill of PayPal argues in a new paper for a method he calls “adapti...