JavaScript engine vulnerabilities — Mozilla

Continuing our security audit of the JavaScript engine, Mozilla developers found and fixed several potential vulnerabilities...

CentOS 3 : mozilla (CESA-2005:384)

Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...

USN-276-1: Thunderbird vulnerabilities

Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. CVE-2006-0292, CVE-2006-1742 The function...

Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)

Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. CVE-2006-0292, CVE-2006-1742 The function...

USN-275-1: Mozilla vulnerabilities

Web pages with extremely long titles caused subsequent launches of Mozilla browser to hang for up to a few minutes, or caused Mozilla to crash on computers with insufficient memory. CVE-2005-4134 Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables...

security flaw

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

Mozilla products vulnerable to memory corruption via large regular expression in JavaScript

Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles a large regular expression could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description A regular expression is a special text stri...

Memory corruption

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

DEBIAN-CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVE-2006-1742

CVE-2006-1742 affects Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0. The issue stems from improper handling of temporary variables that are not garbage collected, which could allow remote attackers to access freed memo...

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

security flaw

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)

Updated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files CVE-2005-2353. A bug in the way Thunderbird processes XBM images could be us...

Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)

A buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. CAN-2005-2701 Mats Palmgren discovered a buffer overflow in the Unicode string parser...

MDKSA-2005:169 : mozilla-firefox

A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file CVE-2005-2701. A bug in the way Firefox handles certain Unico...

Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1)

Peter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs which is the default in Ubuntu, this could be exploited to execute...