openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0467-1)

Mozilla Firefox was updated to 19.0.2 bnc808243 fixing : - MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor could be used for code execution - blocklist updates %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Mail.ru: Stored XSS on http://cards.mail.ru

Эксперементируя с html редактором на странице отправки открытки http://cards.mail.ru/card/compose.html?cid=7842 был найден вектор, который проходит проверки и остаётся: asdf iframe src=javascript:alert2 В итоге, хранимый xss на страницах...

openSUSE: Security Advisory for Mozilla (openSUSE-SU-2013:0431-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SpearPhisher] A Simple Phishing Email Generation Tool

SpearPhisher is a simple point and click Windows GUI tool designed for mostly non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending...

Oracle Linux 4 : seamonkey (ELSA-2010-0967)

From Red Hat Security Advisory 2010:0967 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base score...

Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0104)

From Red Hat Security Advisory 2008:0104 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web...

Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0398)

From Red Hat Security Advisory 2009:0398 : Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web...

Oracle Linux 3 / 4 : seamonkey (ELSA-2008-1037)

From Red Hat Security Advisory 2008:1037 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security...

Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0547)

From Red Hat Security Advisory 2008:0547 : Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security...

Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)

From Red Hat Security Advisory 2010:0113 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web...

Mozilla Firefox / Thunderbird / Seamonkey use-after-free vulnerability

HTML editor use-after-free...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)

MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes : - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free...

seamonkey: update to 2.16.1 (important)

seamonkey was updated to version 2.16.1 fixing a severe security issue. MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor...

xulrunner to 17.0.4esr (important)

xulrunner was updated to 17.0.4esr bnc808243 to fix a important security issue: MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor...

MozillaThunderbird: 17.0.4 release (important)

MozillaThunderbird was updated to 17.0.4 bnc808243 MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerability (USN-1758-2)

USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to...

Ubuntu: Security Advisory (USN-1758-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execu...

FreeBSD : mozilla -- use-after-free in HTML Editor (630c8c08-880f-11e2-807f-d43d7e0c7c02)

The Mozilla Project reports : MFSA 2013-29 Use-after-free in HTML Editor %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution...

Mozilla Thunderbird < 17.0.4 nsHTMLEditor Use-After-Free

The installed version of Thunderbird is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor nsHTMLEditor related to content script and the calling of the function 'document.execCommand' while internal editor operations are...