[USN-1054-1] Linux kernel vulnerabilities

=========================================================== Ubuntu Security Notice USN-1054-1 February 01, 2011 linux, linux-ec2 vulnerabilities CVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249 =========================================================== A security issue affects the...

kernel: unix socket local dos

The waitforunixgc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service system hang via crafted use of the socketpair and sendmsg system...

firefox: arbitrary code execution via memory corruption

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability

ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-063 April 5, 2010 -- CVE ID: CVE-2010-1121 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x -- TippingPointTM IPS Customer...

Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in...

Re-use of freed object due to scope confusion — Mozilla

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its ol...

Design/Logic Flaw

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

CVE-2010-1121

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

Firefox arbitrary code execution flaw

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

SeaMonkey < 1.1.17 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.17. Such versions are potentially affected by the following security issues : - When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage...

Design/Logic Flaw

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

Firefox < 3.0.11 Multiple Vulnerabilities

The installed version of Firefox is earlier than 3.0.11. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. MFSA 2009-24 - Certain invalid Unicode characters, when used as...

Firefox arbitrary code execution flaw

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

ZDI-09-034: Apple Safari SVG Set.targetElement&#40;&#41; Memory Corruption Vulnerability

ZDI-09-034: Apple Safari SVG Set.targetElement Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-034 June 8, 2009 -- CVE ID: CVE-2009-1709 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-745-1)

It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubunt...

Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-728-1)

Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of t...

Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)

A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. CVE-2009-1169 A flaw was discovered in the way Firefox handles...

SUSE: Security Advisory for MozillaFirefox (SUSE-SA:2009:022)

The remote host is missing updates announced in advisory SUSE-SA:2009:022. Copyright C 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2009:0397 Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source W...