DEBIAN-CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

USN-6441-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities

Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...

Memory leak vulnerability in several Huawei products

Huawei CloudEngine 12800 and others are CloudEngine series switch products from Huawei, China. A memory leak vulnerability exists in several Huawei products, which stems from the program not freeing memory requested for processing messages. An attacker could cause a denial of service by sending a...

Ubuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)

USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the...

Ubuntu 11.04 : thunderbird regression (USN-1122-3)

USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience. It was discovered that there was a vulnerability in the memory handling of certain...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. CVE-2011-0081 It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker...

Ubuntu Update for firefox USN-1112-1

Ubuntu Update for Linux kernel vulnerabilities USN-1112-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11121.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for firefox USN-1112-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu Update for thunderbird USN-1122-2

Ubuntu Update for Linux kernel vulnerabilities USN-1122-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN11222.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for thunderbird USN-1122-2 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net...

USN-1122-2: Thunderbird vulnerabilities

USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. Original advisory details: It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibl...

Mandriva Update for firefox MDVSA-2011:079 (firefox)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)

Mozilla Firefox was updated to the 3.6.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances,...

Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)

Chris Evans of the Chrome Security Team reported that the XSLT generate-id function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while...

Mozilla Foundation Security Advisory 2011-16

Mozilla Foundation Security Advisory 2011-16 Title: Directory traversal in resource: protocol Impact: Moderate Announced: April 28, 2011 Reporter: Soroush Dalili Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 Thunderbird 3.1.10 SeaMonkey 2.0.14 Description...

Mozilla directory traversal via resource protocol (MFSA 2011-16)

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL...

Mozilla Firefox < 3.5.19 Multiple Vulnerabilities

Binary data 801247.prm...

Mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-12 Miscellaneous memory safety hazards MFSA 2011-13 Multiple dangling pointer vulnerabilities MFSA 2011-14 Information stealing via form history MFSA 2011-15 Escalation of privilege through Java Embedding Plugin MFSA 2011-16 Directory traversal in resource:...

SeaMonkey < 2.0.14 Multiple Vulnerabilities

Binary data 5904.prm...

Mozilla Foundation Security Advisory 2008-44

Mozilla Foundation Security Advisory 2008-44 Title: resource: traversal vulnerabilities Impact: Moderate Announced: September 23, 2008 Reporter: Boris Zbarsky, Georgi Guninski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12...

USN-645-1: Firefox and xulrunner vulnerabilities

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. CVE-2008-0016 It was discovered that the same-origin check in Firefox...

resource: traversal vulnerabilities — Mozilla

Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes...