Firefox crypto.generateCRMFRequest command execution

Added: 08/21/2014 CVE: CVE-2013-1710 BID: 61900 OSVDB: 96019 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution...

Firefox crypto.generateCRMFRequest command execution

Added: 08/21/2014 CVE: CVE-2013-1710 BID: 61900 OSVDB: 96019 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution...

Firefox crypto.generateCRMFRequest command execution

Added: 08/21/2014 CVE: CVE-2013-1710 BID: 61900 OSVDB: 96019 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution...

MozillaThunderbird,seamonkey (important)

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...

Mozilla多个产品crypto.generateCRMFRequest拒绝服务漏洞

CVE ID:CVE-2014-1498 Mozilla Firefox/SeaMonkey是Mozilla所发布的WEB浏览器/新闻组客户端。 Mozilla多个产品在生成ec-dual-use请求时crypto.generateCRFMRequest方法没有正确校验KeyParams参数的键值类型，允许攻击者利用漏洞进行拒绝服务攻击，使应用程序崩溃。 0 Mozilla Firefox 27 Mozilla Seamonkey 2.24 Mozilla Firefox 28，Seamonkey 2.25已经修复该漏洞，建议用户下载更新： http://www.mozilla.org...

Design/Logic Flaw

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service application crash via vectors that trigger generation of a key that supports the Elliptic Curve...

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service application crash via vectors that trigger generation of a key that supports the Elliptic Curve...

CVE-2014-1498

CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution Vulnerability

On versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an exposedProps property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With...

Mozilla Thunderbird Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Mozilla Firefox ESR Multiple Vulnerabilities (Aug 2013) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Cross site scripting

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

CVE-2013-1710

CVE-2013-1710 affects Mozilla Firefox and related Mozilla-based products via a flaw in Certificate Request Message Format (CRMF) request generation that could allow remote JavaScript execution or cross-site scripting. Specifically, vulnerable components include Firefox before 23.0, Firefox ESR 17...

Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

CVE-2006-3811

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via Javascript that leads to memory corruption, including 1...

CVE-2006-3811

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via Javascript that leads to memory corruption, including 1...

CVE-2006-3811

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via Javascript that leads to memory corruption, including 1...

Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)

Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. CVE-2006-0292, CVE-2006-1742 The function...

CVE-2006-1728

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method...

Design/Logic Flaw

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method...