Debian: Security Advisory (DLA-32-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154

Summary NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service. Vulnerability Details 1. CVE-ID ...

K10674: Netscape reuse cipher change bug - Qualsys QID 38284

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

SUSE CVE-2004-0718

The 1 Mozilla 1.6, 2 Firebird 0.7, 3 Firefox 0.8, and 4 Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability...

SUSE CVE-2004-0722

Integer overflow in the SOAPParameter object constructor in 1 Netscape version 7.0 and 7.1 and 2 Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code...

SUSE CVE-2005-0399

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer...

SUSE CVE-2005-1156

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."...

SUSE CVE-2005-1157

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute...

SUSE CVE-2005-2261

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection...

SUSE CVE-2005-2260

The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be...

SUSE CVE-2005-2262

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" in Firefox or "Set as Background" in Netscape context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewallin...

SUSE CVE-2005-2265

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service access violation and crash, and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string...

SUSE CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

SUSE CVE-2005-2871

Buffer overflow in the International Domain Name IDN support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a hostname with all "soft" hyphens character 0xAD, which is not...

SUSE CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service CPU consumption and delayed application startup via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE:...

SUSE CVE-2006-0496

Cross-site scripting XSS vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets CSS property, which does not...

SUSE CVE-2006-1942

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...

SUSE CVE-2006-6077

The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...

SUSE CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

SUSE CVE-2013-5607

Integer overflow in the PLArenaAllocate function in Mozilla Netscape Portable Runtime NSPR before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service application crash o...