630 matches found
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7949)
Mozilla Firefox was updated to 3.6.26 fixing bugs and security issues. The following security issues have been fixed by this update : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs...
Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities
Binary data 6309.prm...
Mozilla Thunderbird 3.1.x Multiple Vulnerabilities
Binary data 801371.prm...
Issue with error pages can cause a system crash – Opera Security Advisories
When attempting to resolve a URL which cannot be interpreted as a legal URL, Opera will create an error page to display to the user when they load it. If enough invalid URLs can be created, Opera can use up all available disk space with these error pages, causing the browser or operating system t...
Nearly 60,000 Fake Websites Created Weekly
Every week, hackers are creating 57,000 new Web addresses which they position and index on leading search engines in the hope that unwary users will click them by mistake. Read the full article. Help Net Security...
URL spoofing with box drawing character — Mozilla
Bjoern Hoehrmann and security researcher Moxie Marlinspike independently reported that Unicode box drawing characters were allowed in Internationalized Domain Names IDN where they could be visually confused with punctuation used in valid web addresses. This could be combined with a phishing-type...
Firefox errors parsing URLs with control characters
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks...
Firefox arbitrary signed JAR code execution
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via 1 injection of JavaScript into documents within a JAR archive or 2 a JAR archive that uses relative URLs to JavaScript files...
Extended Tracker - SQL Injection
The contributed module Extended Tracker xtracker accepts parameters from URLs and uses those unescaped in SQL queries, allowing malicious users to execute SQL injection attacks. This may result in them gaining administrator privileges. Versions affected Please check the CVS $Id$ fields in the fil...
security flaw
Multiple off-by-one errors in the cURL library libcurl 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that 1 are malformed in a way that prevents a terminating null byte from being added to...