Mozilla Thunderbird Multiple Vulnerabilities-01 (Oct 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

FreeBSD : mozilla -- multiple vulnerabilities (9c1495ac-8d8c-4789-a0f3-8ca6b476619c)

The Mozilla Project reports : MFSA 2014-74 Miscellaneous memory safety hazards rv:33.0 / rv:31.2 MFSA 2014-75 Buffer overflow during CSS manipulation MFSA 2014-76 Web Audio memory corruption issues with custom waveforms MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-79...

USN-2373-1 thunderbird vulnerabilities

Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service vi...

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

Heap overflow

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

CVE-2014-1576

CVE-2014-1576 is a heap-based buffer overflow in nsTransformedTextRun used when parsing CSS token sequences that trigger capitalization changes in Mozilla Firefox

Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75)

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

USN-2372-1: Firefox vulnerabilities

Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard, Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and Jeff Walden discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

Fedora 19 : mediawiki-1.23.5-1.fc19 (2014-12262)

CVE-2014-7295 bug 70672 SECURITY: OutputPage: Remove separation of css and js module allowance. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Fedora 20 : mediawiki-1.23.5-1.fc20 (2014-12263)

CVE-2014-7295 bug 70672 SECURITY: OutputPage: Remove separation of css and js module allowance. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

[SECURITY] [DSA 3046-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3046-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 05, 2014 http://www.debian.org/security/faq -...

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

Buffer overflow during CSS manipulation — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable...

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

Cross site scripting

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

MediaWiki < 1.19.20 / 1.22.12 / 1.23.5 'includes/OutputPage.php' XSS

According to its version number, the MediaWiki application running on the remote host is affected by an input validation error in the 'includes/OutputPage.php' script related to JavaScript in CSS content. This can be exploited to conduct cross-site scripting XSS attacks. Note that Nessus has not...

CVE-2014-7295

The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...

DEBIAN-CVE-2014-7295

The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...