Code injection

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated...

CVE-2014-1882

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated...

CVE-2014-1882

Affected software: Apache Cordova 3.3.0 and earlier; Adobe PhoneGap 2.9.0 and earlier. Root cause: An event-based bridge can be bypassed via a crafted library clone that uses IFRAME script execution to directly access bridge JavaScript objects, demonstrated by cordova.require calls. Impact: Remot...

FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)

The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...

SUSE-SU-2015:0446-1 Security update for Mozilla Firefox

This update to Firefox 17.0.9esr bnc840485 addresses: MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o CVE-2013-1737 MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity CVE-2013-1735 o Memory corruption in...

Mozilla Thunderbird 17.x through 23.x Multiple Vulnerabilities

The installed version of Thunderbird is 17.x or later but prior to 24. It is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tre...

CVE-2013-1725

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/srpm/x86_64 (20130917)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730,...

Mozilla Thunderbird < 24.0

Binary data 8011.prm...

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/srpm/x86_64 (20130917)

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735...

Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

CVE-2013-0745

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a...

CVE-2013-0745

This CVE (CVE-2013-0745) affects Mozilla Firefox prior to 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15. It is caused by the AutoWrapperChanger not interacting correctly with garbage collection, enabling remote code ...

CVE-2013-0745

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a...

CVE-2010-1233

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects...

Integer overflow

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects...

Debian Security Advisory DSA 1227-1 (mozilla-thunderbird)

The remote host is missing an update to mozilla-thunderbird announced via advisory DSA 1227-1. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following...

[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1227-1 [email protected] http://www.debian.org/security/ Martin Schulze December 4th, 2006 http://www.debian.org/security/faq -...

Debian DSA-1227-1 : mozilla-thunderbird - several vulnerabilities

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead...

DSA-1227-1 mozilla-thunderbird

Bulletin has no description...