Debian DSA-1484-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discover...
Mozilla Foundation Security Advisory 2008-08
Mozilla Foundation Security Advisory 2008-08 Title: File action dialog tampering Impact: Moderate Announced: February 7, 2008 Reporter: Michal Zalewski Products: Firefox, Thunderbird Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 Description Security researcher Michal Zalewski demonstrated that...
CVE-2008-0591
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...
Mozilla information disclosure flaw
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka...
SuSE 10 Security Update : xen (ZYPP Patch Number 4766)
This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service hypervisor crash by using a debug register DR7 to set certain breakpoints. - Xen 3.1.1 does not prevent modification of the CR4 TSC from...
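Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
Linux is an open-source operating system. Linux does not correctly handle certain relative timeout values for 'hrtimers', and a local attacker can exploit the vulnerability to cause a denial of service on the system. With a relative 'hrtimers' timer that uses a very large timeout value, adding the current time in hrtimerstart can produce a negative timer value, which ultimately causes the clockeventssetnext function to set a very large timeout and sleep for a long time, resulting in a denial of service. Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3...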
Fedora Core 6 : kernel-2.6.22.1-32.fc6 (2007-655)
Rebase kernel to 2.6.22.1: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.1 Includes the CFS scheduler from upstream kernel 2.6.23. Fixes since initial 2.6.22 test kernel was released: Fix timer problems and failure to boo...
security flaw
Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corrupti...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:123)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt is called...
CVE-2006-2445
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting...
Back-End CMS 0.7.2.2 - BE_config.php Remote File Inclusion
Back-End CMS 0.7.2.2 - BEconfig.php Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM Back-End CMS - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl Site of script...
Back-End CMS 0.7.2.2 - 'BE_config.php' Remote File Inclusion
DEVIL TEAM THE BEST POLISH TEAM Back-End CMS - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl Site of script: http://www.back-end.org / BEconfig.php Line 27-31: code...
Moderate: Red Hat Security Advisory: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 3
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the third regular update. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Linux kernel handles the basic...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:018)
A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP CVE-2005-3527. The ptrace functionality in 2.6 kernels prior to...
Ubuntu 4.10 / 5.04 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-178-1)
Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kerne...
SUSE-SA:2005:068: kernel
The remote host is missing the patch for the advisory SUSE-SA:2005:068 kernel. The Linux kernel was updated to fix several security problems and several bugs, listed below: Security fixes: - CVE-2005-3783: A check in ptrace2 handling that finds out if a process is attaching to itself was incorrec...
CVE-2005-3805
A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service deadlock involving process CPU timers...