Updated firefox and thunderbird packages fix security vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

Ubuntu 12.04 LTS / 12.10 / 13.04 : ubufox, unity-firefox-extension update (USN-1924-2)

USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in...

USN-1924-1: Firefox vulnerabilities

Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of...

[SECURITY] Fedora 18 Update: pyicu-1.4-2.fc18

PyICU is Python extension wrapping IBM's International Components for Unicode C++ library ICU. ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. ICU is widely portable and gives applications the same results on all...

VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe

Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE 3rd party components: 1. Adobe Flash Player Plugin 11.5.502.110 | X:filever.exe /S "ProgramFilesAdobenpswf.dll" | x:program filesadobereader 11.0readernpswf.dll | --a-- W32i DLL ENU 11.5.502.110 shp 14,588,632 05-11-2013...

Microsoft Lync Server 2010 reachLocale Parameter XSS

According to its self-reported version number, the version of Web Components Server a component of Microsoft Lync 2010 has a cross-site scripting vulnerability. Input passed to the 'reachLocale' parameter of ReachJoin.aspx is not properly sanitized. An attacker could exploit this by tricking a us...

Fedora 19 : livecd-tools-19.4-1.fc19 (2013-9827)

Some fixed for running from F19 host. The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no...

CVE-2013-3129

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...

Microsoft Windows Print Spooler Components Privilege Escalation Vulnerability (2839894)

This host is missing an important security update according to Microsoft Bulletin MS13-050. OpenVAS Vulnerability Test $Id: secpodms13-050.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows Print Spooler Components Privilege Escalation Vulnerability 2839894 Authors: Arun Kallavi Copyright:...

Ubuntu Update for libxp USN-1861-1

Check for the Version of libxp OpenVAS Vulnerability Test $Id: gbubuntuUSN18611.nasl 8466 2018-01-19 06:58:30Z teissa $ Ubuntu Update for libxp USN-1861-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

Ubuntu: Security Advisory (USN-1865-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1868-1: libxvmc vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-1866-1: libxtst vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-1852-1: libdmx vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code...

FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)

Thomas Sibley reports : We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities...

Debian Security Advisory DSA 2685-1 (libxp - several vulnerabilities)

Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...

[SECURITY] Fedora 17 Update: plexus-archiver-2.3-1.fc17

The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...

Oracle Java SE Multiple Vulnerabilities -03 May 13 (Windows)

This host is installed with Oracle Java SE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboraclejavasemultvuln03may13win.nasl 7699 2017-11-08 12:10:34Z santu $ Oracle Java SE Multiple Vulnerabilities -03 May 13 Windows Authors: Thanga Prakash S Copyright: Copyright c...

Sandbox-Bypass Exploits Hacks Java 7u21 Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...

JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than...