
4203 matches found

RedHat Linux
added 2008/11/13 2:4 a.m. | 1 view

Mozilla parsing error in E4X default namespace

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...

CVSS 7.5 | AI score 7.4 | EPSS 0.07219
Exploits 1 | References 4

Tenable Nessus
added 2008/11/13 12:0 a.m. | 40 views

SeaMonkey < 1.1.13 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.13. Such versions are potentially affected by the following security issues : - Locally saved '.url' shortcut files can be used to read information stored in the local cache. MFSA 2008-47 - The canvas element can be used in conjunction with a...

CVSS 10 | AI score 7.9 | EPSS 0.3558
Exploits 3 | References 25

Tenable Nessus
added 2008/11/13 12:0 a.m. | 17 views

SeaMonkey < 1.1.13 Multiple Vulnerabilities

Binary data 4753.prm...

CVSS 10 | AI score 7.3 | EPSS 0.3558
Exploits 3 | References 27

Mozilla
added 2008/11/12 12:0 a.m. | 32 views

Parsing error in E4X default namespace — Mozilla

Security researcher Chris Evans reported an error in the method used to parse the default namespace in an E4X document. The error was caused by quote characters in the namespace not being properly escaped. The severity of this issue was determined to be low...

CVSS 7.5 | AI score 3.1 | EPSS 0.07219
Exploits 1 | References 2 | Affected Software 3

NVD
added 2008/09/24 8:37 p.m. | 24 views

CVE-2008-4062

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related...

CVSS 10 | AI score 8.1 | EPSS 0.0291
Exploits 1 | References 53

UbuntuCve
added 2008/09/24 12:0 a.m. | 44 views

CVE-2008-4062

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related...

CVSS 10 | AI score 6.2 | EPSS 0.0291
Exploits 1 | References 4

CVE
added 2008/09/10 4:0 p.m. | 102 views

CVE-2008-2326

CVE-2008-2326 affects Apple Bonjour for Windows (mDNSResponder) prior to 1.0.5. The vulnerability is a NULL pointer dereference when resolving a crafted .local domain name with a long label, leading to denial of service (application crash). Public docs from multiple sources confirm the issue and ...

CVSS 5 | AI score 5.9 | EPSS 0.06658
Exploits 1 | References 7 | Affected Software 1

Tenable Nessus
added 2008/03/04 12:0 a.m. | 43 views

openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)

Fixed various issues in tomcat : - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of ' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860: directory traversal - CVE-2007-3386: tomcat XSS - CVE-2007-5342: insufficient access...

CVSS 6.8 | AI score 5.4 | EPSS 0.81412
Exploits 10 | References 6

seebug.org
added 2007/12/31 12:0 a.m. | 28 views

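Mutt BROWSE_GET_NAMESPACE IMAP Namespace Handling Remote Overflow Vulnerability

BUGTRAQ ID: 18642 CVECAN ID: CVE-2006-3242 Mutt is a small but powerful text-based MIME mail client. Mutt has a vulnerability when handling malformed mail, which a remote attacker may exploit to execute arbitrary commands on the client. A buffer overflow exists in the browsegetnamespace function in Mutt's browse.c file. If a malicious IMAP server sends Mutt an overly long namespace, the vulnerability is triggered, causing the client to crash or execute arbitrary commands. Mutt Mutt 1.4.2 Gentoo Linux Vendor patch: Mutt ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...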

CVSS 7.5 | AI score 0.6 | EPSS 0.07538
Exploits 1

Tenable Nessus
added 2007/11/10 12:0 a.m. | 31 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : mutt vulnerability (USN-307-1)

TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. Note that Tenable...

CVSS 7.5 | AI score 6 | EPSS 0.07538
Exploits 1 | References 2

Tenable Nessus
added 2007/10/17 12:0 a.m. | 29 views

openSUSE 10 Security Update : mutt (mutt-1701)

Mutt had a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability CVE-2006-3242. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mutt-1701. The text...

CVSS 7.5 | AI score 5.8 | EPSS 0.07538
Exploits 1 | References 1

Tenable Nessus
added 2007/04/10 12:0 a.m. | 13 views

Fedora Core 5 : libXfont-1.2.8-1.fc5 (2007-422)

Fri Apr 6 2007 Adam Jackson 1.2.8-1 - libXfont 1.2.8. - Wed Jan 17 2007 Kristian Hagsberg 1.2.6-2 - Add built-in-scalable.patch to prevent crash when trying to scale built-in bitmap fonts. - Fri Jan 5 2007 Adam Jackson 1.2.6-1 - Update to 1.2.6 - Fri Dec 1 2006 Adam Jackson 1.2.5-1 - Update to...

AI score 5.5
Exploits 0 | References 1

Tenable Nessus
added 2007/01/17 12:0 a.m. | 21 views

Fedora Core 4 : mutt-1.4.2.1-5.fc4 (2006-761)

Thu Jun 29 2006 Miroslav Lichvar 5:1.4.2.1-5.fc4 - fix a buffer overflow when processing IMAP namespace 197152, CVE-2006-3242 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

CVSS 7.5 | AI score 5.7 | EPSS 0.07538
Exploits 1 | References 1

CVE
added 2006/07/21 9:0 p.m. | 42 views

CVE-2006-3798

DeluxeBB 1.07 and earlier exposes a vulnerability where a remote attacker can set the COOKIE data to overwrite the internal variables _GET, _POST, _ENV, and _SERVER during an extract function call, resulting in pollution of the global namespace and potentially multiple security vulnerabilities. A...

CVSS 5 | AI score 7.2 | EPSS 0.00392
Exploits 0 | References 4 | Affected Software 1

NVD
added 2005/12/21 11:3 a.m. | 11 views

CVE-2005-4455

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...

CVSS 5 | AI score 6.2 | EPSS 0.00336
Exploits 0 | References 2

Cvelist
added 2005/12/21 11:0 a.m. | 15 views

CVE-2005-4455

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...

AI score 6.2 | EPSS 0.00336
Exploits 0 | References 2

securityvulns
added 2005/08/05 12:0 a.m. | 17 views

[SA16319] Karrigell Python Namespace Exposure Vulnerability

Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.3
Exploits 0

Ubuntu
added 2005/07/27 4:34 a.m. | 55 views

USN-155-1: Mozilla vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...

CVSS 7.5 | AI score 6.3 | EPSS 0.82043
Exploits 8

RedHat Linux
added 2005/07/22 10:41 a.m. | 0 views

security flaw

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

CVSS 7.5 | AI score 6.1 | EPSS 0.07514
Exploits 1 | References 4

RedHat Linux
added 2005/07/21 10:14 a.m. | 2 views

security flaw

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

CVSS 7.5 | AI score 6.1 | EPSS 0.07514
Exploits 1 | References 4