Firefox < 27.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists related to...
Mozilla Thunderbird < 24.3 Multiple Vulnerabilities
SeaMonkey < 2.24 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.24 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists relat...
Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to...
Firefox < 27.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists related...
Thunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to System...
OpenJDK: XXE issue in decoder (Beans, 8023245)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...
PNG Image Metadata Found Leveraging iFrame Injections
Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections. The technique makes it highly unlikely a virus scanner would catch it because the injection method is so deeply...
Incorrect use of discarded images by RasterImage — Mozilla
Fredrik 'Flonka' Lönnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash...
DEBIAN-CVE-2011-3944
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data...
bugs in IJG jpeg6b & libjpeg-turbo
Dearly beloved, So, for one reason or another, the IJG jpeg library has gained some notoriety as one of the most robust pieces of complex, security-critical C code. Despite countless fuzzing efforts, I don't recall any reports of serious vulnerabilities at least since the release of jpeg6b in 199...
CVE-2013-0875
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access...
Design/Logic Flaw
The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access...
Design/Logic Flaw
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access...
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...
MGASA-2013-0333 Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component Y in presence of valid chroma data Cr, Cb CVE-2013-6629. libjpeg-turbo will use uninitialized memory when handli...
SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 (Mozilla Suite)
Check for the Version of Mozilla Suite OpenVAS Vulnerability Test $Id: gbsuse201316331.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for Mozilla Suite openSUSE-SU-2013:1633-1 Mozilla Suite Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH,...
IE Zero Day Watering Hole Attack Injects Malware into Memory
Microsoft may be promising a relatively light Patch Tuesday release tomorrow, but that doesn’t mean its researchers and developers won’t have their hands full. Not only is Microsoft busy on a patch for the TIFF zero day vulnerability reported two weeks ago, but now another previously unreported...