openSUSE Security Update : MozillaFirefox (MozillaFirefox-1312)

This update brings Mozilla Firefox to the 3.0.14 stable release. It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 / CVE-2009-3074 / CVE-2009-3075: Mozilla developers and community members identified and fixed sever...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-1312)

This update brings Mozilla Firefox to the 3.0.14 stable release. It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 / CVE-2009-3074 / CVE-2009-3075: Mozilla developers and community members identified and fixed sever...

Mandriva Linux Security Advisory : firefox (MDVSA-2009:236)

Security issues were identified and fixed in firefox 3.0.x : Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vecto...

Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)

The host is installed with Firefox browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfirefoxmultvulnsep09lin.nasl 5055 2017-01-20 14:08:39Z teissa $ Mozilla Firefox Multiple Vulnerabilities - Sep09 Linux Authors: Sharath S Copyright: Copyright c 2009 SecPod,...

Mozilla Firefox Multiple Vulnerabilities - Sep09 (Windows)

The host is installed with Firefox browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfirefoxmultvulnsep09win.nasl 5055 2017-01-20 14:08:39Z teissa $ Mozilla Firefox Multiple Vulnerabilities - Sep09 Windows Authors: Sharath S Copyright: Copyright c 2009 SecPod...

CVE-2009-3077

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns aka TreeColumns of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."...

CVE-2009-3077

CVE-2009-3077 affects Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3. The issue is a dangling-pointer vulnerability in TreeColumns of a XUL tree, caused by improper pointer management, enabling remote attackers to execute arbitrary code via a crafted HTML document. Affected products: Firefo...

CVE-2009-3077

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns aka TreeColumns of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."...

Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities

Binary data 801311.prm...

Firefox < 3.0.14 Multiple Vulnerabilities

The installed version of Firefox is earlier than 3.0.14. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially allow arbitrary code execution. MFSA 2009-47 - An insufficient warning message is displayed when adding...

Firefox 3.5.x < 3.5.3 Multiple Vulnerabilities

The installed version of Firefox 3.5 is earlier than 3.5.3. Such versions are potentially affected by the following security issues : - Multiple memory corruption vulnerabilities could potentially allow arbitrary code execution. MFSA 2009-47 - The columns of a XUL tree element can manipulated in ...

Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns aka TreeColumns of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."...

Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns aka TreeColumns of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."...

kernel: cifs: memory overwrite when saving nativeFileSystem field during mount

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service crash via a long nativeFileSystem field in a Tree Connect response to an SMB mount request...

Memory corruption

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to loading multip...

CVE-2009-2464

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to loading multip...

CVE-2009-2464

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to loading multip...

Mozilla crash with multiple RDFs in XUL tree

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to loading multip...

CVE-2009-2464

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to loading multip...

Tree BBS from Let's PHP! vulnerable to cross-site scripting

Overview Tree BBS from Let's PHP! contains a cross-site scripting vulnerability. Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC...