SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5890)

The Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content could be injected into an...

SuSE9 Security Update : Epiphany (YOU Patch Number 12326)

The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)

The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-401)

The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

openSUSE 10 Security Update : seamonkey (seamonkey-6310)

The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 bmo460090,485217 Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with...

Microsoft Windows Search脚本注入漏洞(MS09-023)

BUGTRAQ ID: 35220 CVECAN ID: CVE-2009-0239 Windows Search允许即时搜索大多数公共文件和数据类型，例如电子邮件、联系人、日历约会、文档、照片、多媒体和由第三方扩展的其他格式。 Windows Search通过嵌入式的浏览器向用户预览搜索结果。为了支持非HTML/XML文件，Windows Search会将这类文件转换为HTML，但转换器在转义字符的时候没有执行任何过滤便将文件加载到了内嵌的浏览器中。根据嵌入式浏览器的安全设置，上述本地HTML文件无需用户同意便拥有部分JavaScript执行权限。...

ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability

ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-037 June 10, 2009 -- CVE ID: CVE-2009-1528 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- Vulnerability Details:...

CVE-2009-1528

Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent,...

Memory corruption

Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent,...

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...

CVE-2009-1697

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting XSS attacks...