EUVD-2006-0306
Malware in sbrugna...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-668-1)
Georgi Guninski, Michal Zalewski and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on t...
Ubuntu: Security Advisory (USN-668-1)
The remote host is missing an update for the...
Debian DSA-1696-1 : icedove - several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016: Justin Schuh, Tom Cross and Peter Williams discovered a buffer...
USN-668-1: Thunderbird vulnerabilities
Georgi Guninski, Michal Zalewski and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on t...
Debian DSA-1671-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0017: Justin Schuh discovered that a buffer overflow in the http-index-forma...
DSA-1671-1 iceweasel - several vulnerabilities
Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues: - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from...
Mozilla Foundation Security Advisory 2008-58
Mozilla Foundation Security Advisory 2008-58 Title: Parsing error in E4X default namespace Impact: Low Announced: November 12, 2008 Reporter: Chris Evans Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 Thunderbird 2.0.0.18 SeaMonkey 1.1.13 Description Security...
Design/Logic Flaw
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...
Memory corruption
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash via unknown vectors that trigger memory corruption, as demonstrated by...
Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities
The installed version of Firefox 3.0 is earlier than 3.0.4. Such versions are potentially affected by the following security issues: - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47) - 'file:' URIs are given chrome privileges when opene...
Mozilla Firefox < 2.0.0.18 Multiple Vulnerabilities
Mozilla Firefox 3.x < 3.0.4 Multiple Vulnerabilities
Parsing error in E4X default namespace — Mozilla
Security researcher Chris Evans reported an error in the method used to parse the default namespace in an E4X document. The error was caused by quote characters in the namespace not being properly escaped. The severity of this issue was determined to be low...
Design/Logic Flaw
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...
CVE-2006-0299
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin...
CVE-2006-0299
CVE-2006-0299 affects Mozilla Firefox up to 1.5.0.1, Thunderbird 1.5 (when JavaScript runs in mail), and SeaMonkey before 1.0. The issue arises from the E4X implementation exposing the internal AnyName object to external interfaces, allowing multiple cooperating domains to exchange information an...