SeaMonkey < 2.14 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.14 and thus, is potentially affected by the following security issues: - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An...
Firefox < 17.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 17.0 and thus, is potentially affected by the following security issues: - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An...
RHEL 5 / 6 : firefox (RHSA-2012:1482)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1482 advisory. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were...
Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104)
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via ...
Crash when combining SVG text on path with CSS — Mozilla
Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash...
Apple Safari WebKit CSS Title Memory Corruption (CVE-2012-3684)
A memory corruption vulnerability has been reported in WebKit, a component of Apple Safari. The vulnerability is due to improper handling of a CSS style for a title element. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. Successful exploitatio...
RedHat Update for kdelibs RHSA-2012:1416-01
The remote host is missing an update for the...
kdelibs security update
CentOS Errata and Security Advisory CESA-2012:1418 Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 FasTrack. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS)...
Critical: Red Hat Security Advisory: kdelibs security update
Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
kdelibs: Heap-based buffer overflow when parsing location of a font face source
A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's (DOM) implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when...
PT-2012-1069 · Kde +3 · Konqueror +4
Name of the Vulnerable Software and Affected Versions: kdelibs versions 4.3.4 kdelibs-devel version 4.3.4 kdelibs-debuginfo version 4.3.4 kdelibs-apidocs version 4.3.4 kdelibs-common version 4.3.4 Description: The issue concerns multiple vulnerabilities in the kdelibs package, which can lead to a...
Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a...
Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecifi...
CMS Balitbang Depdiknas 3.4 HTML Injection
CMS Balitbang Depdiknas v3.4 HTML Injection. Exploit Title: CMS Balitbang Depdiknas v3.4 HTML Injectio...
CVE-2012-2578
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS)...
CVE-2012-2586
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body...
[SECURITY] Fedora 18 Update: roundcubemail-0.7.3-1.fc18
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
MDaemon WorldClient < 12.5.7 Multiple XSS Vulnerabilities
According to its banner, the version of MDaemon's WorldClient is earlier than 12.5.7 and is, therefore, affected by the following cross-site scripting vulnerabilities: - Input supplied in body of an email is not properly sanitized before being presented to the user. Specially crafted email...