Mozilla Issues Critical Firefox Security Bulletins
Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities. The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page. In all, Mozilla released 11 advisories, six...
DSA-1922-1 xulrunner - several vulnerabilities
Bulletin has no description...
Mozilla Foundation Security Advisory 2009-62
Mozilla Foundation Security Advisory 2009-62 Title: Download filename spoofing with RTL override Impact: Low Announced: October 27, 2009 Reporter: Jesse Ruderman, Sid Stamm Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.4 Firefox 3.0.15 SeaMonkey 2.0 Description Mozilla security researchers...
Firefox download filename spoofing with RTL override
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displayin...
Download filename spoofing with RTL override — Mozilla
Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-64 Crashes with evidence of memory corruption rv:1.9.1.4/ 1.9.0.15 MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection MFSA...
Section Rezin (Kesion) CMS V5.5 filename parsing vulnerability - vulnerability warning - the black bar safety net
Section flood cms, eshop system to build the station brand. Professional open source cms projects: customized services and card system, online output, online printing, advertising production, online photo ordering system provider. There is a problem in the file upload process. Upload the file that is in...
Apple Mac OS X Installer Package Filename Format String (CVE-2007-0465)
Apple Computer Mac OS X is the operating system shipped with Apple Macintosh computers. The Installer component is an application included in Mac OS X systems which extracts and installs applications from installation packages. The installer provides features which allow developers to customize...
WinRAR v3.80 - ZIP Filename Spoofing
No description provided by source. Security Advisory: WinRAR v3.80 - ZIP Filename Spoofing. Security Researcher Info: Discovered by: Christian Navarrete chr1x -...
FireFTP Extension for Firefox SFTP Filename Handling Vulnerability
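The vulnerability is caused by FireFTP not properly handling certain filenames before passing them to psftp.exe. This can be exploited to, for example, trick a user into downloading files into the FireFTP installation directory or to execute files through specially named files on the SFTP server. A successful attack requires that the attacker can trick the victim into moving, deleting, changing the mode of, or downloading a specially named file on an SFTP server. The vulnerability is reported in version 1.0.5. Other versions may also be affected. FireFTP 1.x extension for Firefox. Update to version 1.0.6. http://fireftp.mozdev.org/...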
CVE-2009-3453
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template...
Unrestricted file upload
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window...
CVE-2009-3447
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window...
The moving web 8.x latest 0day - vulnerability warning - the black bar safety net
Use the or IIS the filename parsing vulnerability. Affected version: Powered By Dvbbs Version 8.2.0, Powered By Dvbbs Version 8.1.0, Powered By Dvbbs Version 8.0.0. Registered users - my homepage - personal space management: userspace.asp?sid=0&act=modifyset Then edit the CSS style - file management...
CVE-2009-3250
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2)...
CVE-2009-3233
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack...
DEBIAN-CVE-2009-3233
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack...
KesionCMS (section news) upload vulnerability - vulnerability warning - the black bar safety net
Prius special. A bit tasteless, with a few days before the publication of the iis6 filename parsing vulnerability achieve to obtain webshell. First find the use of tech-ex systems site, registered members, and then input KSeditor/selectupfiles.asp. Open, after upload x.asp;x.jpg format image file, i...
CVE-2008-7162
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504...