Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI...
Fedora 8 : Miro-1.2.3-3.fc8 / blam-1.8.3-17.fc8 / cairo-dock-1.6.1.1-1.fc8.1 / chmsee-1.0.0-3.31.fc8 / etc (2008-6491)
Updated firefox packages that fix several security issues are now available for Fedora 8. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
CVE-2008-2933
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
CVE-2008-2933
CVE-2008-2933 describes a pipe character in a URL that can trigger Chrome privilege escalation in Iceape/Iceweasel Firefox-family products. Connected advisories confirm active fixes: Iceweasel/iceape upgrades to 2.0.0.16 (etch) and later 3.0.1–1 (sid) or equivalent patched builds; Iceweasel 2.0.0...
firefox security update
CentOS Errata and Security Advisory CESA-2008:0598 An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source...
devhelp, firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2008:0597 Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 16th July 2008 The...
Firefox 3.x < 3.0.1 Multiple Vulnerabilities
The installed version of Firefox is affected by various security issues : - By creating a very large number of references to a common CSS object, an attacker can overflow the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use and allowing fo...
RHEL 4 : firefox (RHSA-2008:0598)
An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in...
Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 16th July 2008 The nspluginwrapper package has been added to this advisory to...
Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
Critical: Red Hat Security Advisory: firefox security update
An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in...
Firefox < 2.0.0.16 / 3.0.1 Multiple Vulnerabilities
The installed version of Firefox is affected by various security issues : - By creating a very large number of references to a common CSS object, an attacker can overflow the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use and allowing fo...
Mozilla Firefox command line URI handling vulnerability
Overview Mozilla Firefox contains a vulnerability that may allow an attacker to bypass security restrictions by opening specially crafted URIs using the Firefox command line interface. Description Mozilla Firefox can process URIs from its command line interface that can be accessed by users or...
[SECURITY] Fedora 9 Update: wireshark-1.0.2-1.fc9
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...
Command-line URLs launch multiple tabs when Firefox not running — Mozilla
Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe "|" symbols will open multiple tabs. This URI splitting could be used to launch chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which was intend...
php escapeshellcmd multibyte encoding vulnerability analysis and extension-a vulnerability warning-the black bar safety net
Vulnerability advisory at http://www.sektioneins.de/advisories/SE-2008-03.txt PHP 5 = 5.2.5 PHP 4 = 4.4.8 Systems that allow wide-byte character sets such as GBK, EUC-KR, SJIS, etc. may be affected, so the impact is still very large; domestic virtual hosts are likely all affected. In testing this...
Input validation
Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...
Linksys WRT54G (firmware 1.00.9) Security Bypass Vulnerabilities (2)
Exploit for hardware platform in category remote exploits. Linksys WRT54G firmware 1.00.9 Security Bypass Vulnerabilities 2...