The vulnerabilities of Firefox ESR and Firefox, the rendering software Graphite 2, allow attackers to induce service failures or exert other effects.

The vulnerability of the graphite2::Slot::getAttr function Slot.cpp in Firefox ESR and Firefox browsers, as well as in the Graphite 2 rendering software, arises due to buffer overflows. Exploiting this vulnerability can allow an attacker to cause service interruptions or other effects through a...

graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

DEBIAN-CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

CVE-2016-2792

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

CVE-2016-2800

The Graphite 2 font rendering library is affected by CVE-2016-2800 and CVE-2016-2792. In Graphite 2, the vulnerability resides in graphite2::Slot::getAttr (Slot.cpp) and can be triggered when processing crafted Graphite fonts, as used by Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to...

UBUNTU-CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

kernel security and bug fix update

2.6.18-238.5.1.0.1.el5 - scsi fix scsi hotplug and rescan race orabug 10260172 - fix filpclose race Joe Jin orabug 10335998 - fix missing aiocomplete in endio Joel Becker orabug 10365195 - make xenkbd.abspointer=1 by default orabug 67188919 - xen check to see if hypervisor supports memory...

nfs-ls NSE Script

Attempts to get useful information about files from NFS exports. The output is intended to resemble the output of ls. The script starts by enumerating and mounting the remote NFS exports. After that it performs an NFS GETATTR procedure call for each mounted point in order to get its ACLs. For eac...