firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

EUVD-2012-1973

Malware in sbrugna...

EUVD-2012-3910

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2013-1693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7...

Linux Distros Unpatched Vulnerability : CVE-2010-1213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and...

SUSE CVE-2006-3809

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context...

SUSE CVE-2012-3959

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial ...

SUSE CVE-2013-0744

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.1...

SUSE CVE-2013-0755

Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vecto...

Memory corruption

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and Firefox ESR 52.8...

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruptions, integer overdlows, privilege escalations, code executions, information leakage...

regular updates for Mozilla applications (FF/TB) (important)

update to Firefox 22.0 and Thunderbird 17.0.7 including the following security fixes MFSA 2013-49 Miscellaneous memory safety hazards MFSA 2013-50 Memory corruption found using Address Sanitizer MFSA 2013-51 Privileged content access and execution via XBL MFSA 2013-52 Arbitrary code execution...

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

chrome: directory traversal

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing sessio...

security flaw

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving 1 long strings in the toSource method of the Object, Array, and String objects...

DEBIAN-CVE-2006-1737

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary bytecode via JavaScript with a large regular expression...

Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3...

Important: Red Hat Security Advisory: libpng security update

Updated libpng packages are available that fix a buffer overflow vulnerability. The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. Versions of libpng prio...