openSUSE Security Update : MozillaFirefox (MozillaFirefox-233)

This update brings MozillaFirefox to version 3.0.3, fixing a number of bugs and security problems : MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-236)

This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

openSUSE Security Update : seamonkey (seamonkey-238)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

openSUSE 10 Security Update : seamonkey (seamonkey-5657)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5655)

This update brings Mozilla Thunderbird to version 2.0.0.17. It contains the following security fixes: MFSA 2008-46 / CVE-2008-4070: Heap overflow when canceling a newsgroup message MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

Mozilla Foundation Security Advisory 2008-43

Mozilla Foundation Security Advisory 2008-43 Title: BOM characters, low surrogates stripped from JavaScript before execution Impact: Moderate Announced: September 23, 2008 Reporter: Dave Reed, Chris Weber, Gareth Heyes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox...

Cross site scripting

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via byte order mark BOM characters that are removed from JavaScript code before...

USN-645-1: Firefox and xulrunner vulnerabilities

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. CVE-2008-0016 It was discovered that the same-origin check in Firefox...

Mozilla BOM characters stripped from JavaScript before execution

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via byte order mark BOM characters that are removed from JavaScript code before...

Mozilla BOM characters stripped from JavaScript before execution

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via byte order mark BOM characters that are removed from JavaScript code before...

BOM characters, low surrogates stripped from JavaScript before execution — Mozilla

Microsoft developer Dave Reed reported that certain BOM characters are stripped from JavaScript code before it is executed. This can lead to code, which would otherwise be treated as part of a quoted string, to be executed. The issue could potentially be used by an attacker to bypass or evade...

Ubuntu 5.04 / 5.10 : firefox, mozilla-firefox vulnerabilities (USN-296-2)

USN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10. For reference, these are the details of the original USN : Jonas Sicking discovered that under some circumstances persisted XUL...