Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)

Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. CVE-2006-0292, CVE-2006-1742 The function...

JavaScript execution in mail when forwarding in-line — Mozilla

Georgi Guninski reports that forwarding mail in-line while using the default HTML "rich mail" editor will execute JavaScript embedded in the e-mail message. Forwarding mail in-line is not the default setting but it is easily accessed through the "Forward As" menu item...

CVE-2004-2482

Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property ...

Security Bulletin MS02-021: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804)

---------------------------------------------------------------------- Title: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward Q321804 Date: 25 April 2002 Software: Microsoft Outlook Impact: Run Code of Attacker's Choice Max Risk: Moderate Bulletin: MS02-021 Microsoft...