21 matches found
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2904-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2904-1 advisory. Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able t...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Important: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Debian Security Advisory DSA 2779-1 (libxml2 - denial of service)
Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. OpenVAS Vulnerability Test $Id: deb2779.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generat...
[SECURITY] [DSA-2471-1] ffmpeg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2471-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 13, 2012 http://www.debian.org/security/faq -...
FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)
Google Chrome Releases reports : 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...
Stable Channel Update
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including: New Extensions APIs Updated Omnibox Prerendering Download Scanning Protection Many other small changes Security...
Debian DSA-2400-1 : iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting i...
Potentially exploitable crash in the YARR regular expression library — Mozilla
Security researcher Aki Helin reported a crash in the YARR regular expression library that could be triggered by javascript in web content...
Chrome Stable Release
The Google Chrome team is happy to announce the arrival of Chrome 15.0.874.102 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 15 contains some really great improvements including a new New Tab page. You can read about it more on the Google Chome blog. Security fixes and...
Mozilla Foundation Security Advisory 2011-42
Mozilla Foundation Security Advisory 2011-42 Title: Potentially exploitable crash in the YARR regular expression library Impact: Critical Announced: September 27, 2011 Reporter: Aki Helin Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Thunderbird 7.0 SeaMonkey 2.4 Description...
Potentially exploitable crash in the YARR regular expression library — Mozilla
Security researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript...
CentOS Update for gzip CESA-2010:0061 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Google Ships Chrome 9, Plug Nine Security Holes
Google has officially released version 9.0.597.84 of its Chrome web browser to stable and beta channels for Windows, Mac and Linux, an update that addresses nine separate security vulnerabilities. According to Google’s Chrome Releases blog, one of the vulnerabilities is rated critical while two a...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : gzip vulnerabilities (USN-889-1)
It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program...
CentOS 3 / 4 / 5 : gzip (CESA-2010:0061)
An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package provides the GNU gzip data compression program. An integer underfl...
gzip security update
CentOS Errata and Security Advisory CESA-2010:0061 An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gzip package provides the GN...