Remote Code Execution (RCE)

Mozilla Thunderbird is vulnerable to remote code execution RCE. A flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird...

Scientific Linux Security Update : thunderbird on SL4.x,SL5.x i386/x86_64

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. CVE-2011-0080...

K-Meleon Browser 1.5.4 Denial of Service

Exploit for windows platform in category dos / poc Title: ====== K-Meleon Browser v1.5.4 - Denial of Service Vulnerability Introduction: ============= K-Meleon is an extremely fast, customizable, lightweight web browser based on the Gecko layout engine developed by Mozilla which is also used by...

K-Meleon Browser v1.5.4 - Denial of Service Vulnerability

Document Title: =============== K-Meleon Browser v1.5.4 - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=510 Release Date: ============= 2012-04-13 Vulnerability Laboratory ID VL-ID: ==================================== 5...

CentOS Update for seamonkey CESA-2011:0473 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability

No description provided by source. $Id: mozillanstreerange.rb 13148 2011-07-10 21:10:45Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

Mozilla Firefox - 'nsTreeRange' Dangling Pointer (2)

Advisory : Abysssec Public Exploit : This module exploits a code execution vulnerability in Mozilla Firefox = 3.6.16 caused by nsTreeSelection element. The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element. When executing the function...

Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. CVE-2011-0081 It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If...

Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox...

USN-1112-1: Firefox and Xulrunner vulnerabilities

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. CVE-2011-0081 It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker...

Critical: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability

ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-173 September 13, 2010 -- CVE ID: CVE-2010-2760 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products:...

Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fix...

Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection,...

Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection,...

Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection,...

Dangling pointer vulnerability in nsTreeSelection — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially...

ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability

ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-131 July 20, 2010 -- CVE ID: CVE-2010-2753 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla...

Mozilla Foundation Security Advisory 2010-40

Mozilla Foundation Security Advisory 2010-40 Title: nsTreeSelection dangling pointer remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: regenrecht via TippingPoint's Zero Day Initiative Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox...

Mozilla nsTreeSelection dangling pointer remote code execution vulnerability

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-fre...