12 matches found
Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)
Security issues were identified and fixed in firefox 3.0.x and 3.5.x : Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and ...
Mandriva Security Advisory MDVSA-2009:339 (firefox)
The remote host is missing an update to firefox announced via advisory MDVSA-2009:339. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Firefox内容注入网页欺骗漏洞
BUGTRAQ ID: 37370 CVE ID: CVE-2009-3985 Firefox是一款流行的开源WEB浏览器。 恶意网页可以将document.location设置为无法正确显示的URL,然后向所生成的空白页中注入内容。攻击者可以利用这个漏洞在地址栏中放置看起来合法但实际上无效的URL,并向页面中注入HTML和JavaScript,执行欺骗攻击。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 厂商补丁: Debian ------...
iGaming CMS v1.5 CSRF Vulnerability
Exploit for unknown platform in category web applications =================================== iGaming CMS v1.5 CSRF Vulnerability =================================== NeX of the HackTalk team has found a CSRF Vulnerability in iGaming CMS v 1.5 that allows an attacker to make new administrative...
Mozilla Firefox libpr0n GIF解析器堆溢出漏洞
BUGTRAQ ID: 36855 CVE ID: CVE-2009-3373 Firefox是一款流行的开源WEB浏览器。 Firefox的libpr0n GIF解析器使用gifimageheader语句解释单个单个图形/帧描述记录。一个GIF文件可能包含有多个图形,每个图形都关联到不同的颜色映射。 在处理多图形GIF文件中后面图形颜色映射的变化时没有正确地管理内存重新分配,用户受骗打开包含有GIF文件的恶意网页就可能触发堆溢出,导致执行任意指令。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 1.1.x...
CVE-2009-3374
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to...
Mandrake Security Advisory MDVSA-2009:182 (firefox)
The remote host is missing an update to firefox announced via advisory MDVSA-2009:182. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Mandrake Security Advisory MDVSA-2009:198 (firefox)
The remote host is missing an update to firefox announced via advisory MDVSA-2009:198. OpenVAS Vulnerability Test $Id: mdksa2009198.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:198 firefox Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
CVE-2009-0689
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
CVE-2009-1232
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service memory corruption via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected...
CVE-2009-0071
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a certain a replaceChild or b removeChild call, followed by a 1 queryCommandValue, 2 queryCommandState, or 3...
Firefox 3.0.x < 3.0.2 Multiple Vulnerabilities
The installed version of Firefox 3.0 is earlier than 3.0.2. Such versions are potentially affected by the following security issues : - An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on MFSA 2008-40. - Privilege...