thunderbird: multiple issues

CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...

WordPress Crayon Syntax Highlighter Plugin <= 2.6.10 - Defacement

Because of this vulnerability, attackers can craft the user provided parameters in such a way that it becomes possible to overwrite base themes with arbitrary CSS. Solution Update plugin...

WordPress CSS Plus Plugin <= 1.3.1 - Unspecified Vulnerabilities

This plugin is prone to unspecified vulnerabilities. Solution Update the plugin...

CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a document containing crafted text in...

CVE-2015-2710

CVE-2015-2710 is a memory-safety vulnerability in Mozilla Firefox and Thunderbird where the SVGTextFrame handles crafted SVG/CSS data, causing a heap-based buffer overflow. A remote attacker could potentially execute arbitrary code by enticing a user to open specially crafted content. The issue a...

CVE-2015-2713

CVE-2015-2713 is a use-after-free in Mozilla Firefox (SetBreaks) affecting Firefox before 38.0, Firefox ESR before 31.7, and Thunderbird before 31.7. An attacker could craft a document with specific CSS tokens for vertical text to cause heap memory corruption, enabling remote code execution or a ...

CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a document containing crafted text in...

Mozilla Thunderbird SVG Content and CSS Handling Buffer Overflow Vulnerability

Mozilla Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A buffer overflow vulnerability exists in Mozilla Thunderbird's handling of SVG content and CSS, which allows remote attackers to exploit the vulnerability by submitting a specially crafted HTML message that c...

UBUNTU-CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets CSS token sequence...

Firefox < 38.0 Multiple Vulnerabilities (Mac OS X)

The version of Firefox installed on the remote Mac OS X host is prior to 38.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code...

Firefox < 38.0 Multiple Vulnerabilities

The version of Firefox installed on the remote Windows host is prior to 38.0. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists in the Inter-process Communications IPC implementation due to a failure to validate the identity of a listener...

Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary...

Firefox 38 Fixes 13 Flaws, Ships With DRM Support

Mozilla has fixed 13 security flaws in Firefox 38, including five critical vulnerabilities. The new version of the browser also includes a feature that enables the use of DRM-enabled video content in Firefox, a decision that comes with some controversy. DRM digital rights management, the generic...

Buffer overflow with SVG content and CSS — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash...

[SECURITY] Fedora 22 Update: drupal7-ctools-1.7-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

Microsoft Internet Explorer CQuotes Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

KLA10536 Multiple vulnerabilities in Citrix NetScaler

Multiple serious vulnerabilities have been found in Citrix NetScaler. Malicious users can exploit these vulnerabilities to execute or inject arbitrary code and conduct XSS attack. Below is a complete list of vulnerabilities 1. XSS vulnerability can be exploited remotely via a specially designed...

[SECURITY] Fedora 21 Update: drupal7-ctools-1.7-1.fc21

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

Internet Explorer HTML CSS Tag Rendering Memory Corruption (MS10-018) - Ver2 (CVE-2010-0807)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer to exit unexpectedly...

openSUSE Security Update : seamonkey (openSUSE-2015-250)

SeaMonkey was updated to 2.33 bnc917597 - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards - MFSA 2015-12/CVE-2015-0833 bmo945192 Invoking Mozilla updater will load locally stored DLL files Windows only - MFSA 2015-13/CVE-2015-0832 bmo1065909 Appended period to hostnam...