Mozilla Firefox JavaScript Compiler Code Execution Vulnerability - Linux

Mozilla Firefox browser is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox JavaScript Compiler Code Execution Vulnerability - Windows

Mozilla Firefox browser is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mozilla -- corrupt JIT state after deep return from native function

Mozilla Project reports: Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape, the Just-in-Time JIT compiler could get into a corrupt state. This could be exploited b...

Corrupt JIT state after deep return from native function — Mozilla

Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape, the Just-in-Time JIT compiler could get into a corrupt state. This could be exploited by an attacker to run...

CVE-2009-2477

js/src/jstracer.cpp in the Just-in-time JIT JavaScript compiler aka TraceMonkey in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a...

Design/Logic Flaw

js/src/jstracer.cpp in the Just-in-time JIT JavaScript compiler aka TraceMonkey in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a...

CVE-2009-2477

js/src/jstracer.cpp in the Just-in-time JIT JavaScript compiler aka TraceMonkey in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a...

CVE-2009-2477

CVE-2009-2477 affects Mozilla Firefox 3.5 (JIT/TraceMonkey) and is caused by memory corruption in the JIT escape Function when using escape(), allowing remote code execution via crafted pages. Public details describe an uninitialized memory access triggered by certain document constructs (P and F...

Fedora 11 : webkitgtk-1.1.8-1.fc11 (2009-6166)

"WebKitGTK+ 1.1.8 contains many bug-fixes and updates including spell-checking support, enhanced error reporting, lots of ATK enhancements, support for copying images to the clipboard, and a new printing API since 1.1.5 that allows applications better control and monitoring of the printing proces...

CVE-2009-1886

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...

MDKA-2007:124 : openafs

This update addresses the following bugs in the openafs package: The openafs kernel module does not work on the x8664 platform, triggering a kernel oops as soon as it is loaded. The openafs package was compiled with wrong gcc 4.2 compiler optimisations which prevented it from listing directory...

Fedora 10 : nagios-3.0.5-1.fc10 (2008-10323)

Upstream has released a new version: Security fix for Cross Site Request Forgery CSRF bug reported by Tim Starling. Sample audio files for CGIs removed from distribution Fix for mutliline config file continuation bug Minor fix to RPM spec file Fix for AIX compiler warnings Minor sample config fil...

CVE-2009-1302

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to 1 nsAsyncInstantiateEvent::Run, 2...

Mandriva Update for openafs MDKA-2007:124 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDKA-2007:124 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

RedHat Update for kernel RHSA-2008:0508-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2008:0508-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CentOS Update for kernel CESA-2008:0211 centos3 x86_64

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Fedora Update for kdevelop FEDORA-2007-2985

Check for the Version of kdevelop OpenVAS Vulnerability Test Fedora Update for kdevelop FEDORA-2007-2985 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Linux Kernel 64 Bit ABI系统调用参数特权提升漏洞

BUGTRAQ ID: 33275 CVE ID：CVE-2009-0029 Linux是一款开放源代码的操作系统。 Linux内核64位ABI系统调用参数处理存在问题，本地攻击者可以利用漏洞提升特权。 部分结构的ABI定义函数调用者必须对每个参数进行符号扩展来填满寄存器宽度，在linux系统调用处理上存在问题。 如在64位上使用这个系统调用： asmlinkage long sysexampleunsigned int index if index 5 return -EINVAL; return examplearrayindex;...

Smarty 2.6.20 php injection

2008-10-22 числа Secunia.com была найдена уязвимость в функции expandquotedtext полный текст http://secunia.com/Advisories/32329/. Разработчики попытались исправить уязвимость как видно из их кода http://smarty-php.googlecode.com/svn/trunk/libs/SmartyCompiler.class.php путем экранированием символ...

CVE-2008-4691

Unspecified vulnerability in the SQLNLSUNPADDEDCHARLEN function in the New Compiler aka Starburst derived compiler component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service segmentation violation and trap via unknown vectors...