58 matches found
USN-701-1: Thunderbird vulnerabilities
Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...
USN-690-3: Firefox vulnerabilities
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...
USN-690-2: Firefox vulnerabilities
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...
USN-668-1: Thunderbird vulnerabilities
Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on t...
DSA-1669-1 xulrunner - several vulnerabilities
Bulletin has no description...
Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from...
USN-667-1: Firefox and xulrunner vulnerabilities
Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. CVE-2008-4582 Georgi Guninski, Michal...
nsXMLHttpRequest::NotifyEventListeners() same-origin violation — Mozilla
Mozilla security researcher mozbugra4 reported that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website...
Debian DSA-1649-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overfl...
DSA-1649-1 iceweasel - several vulnerabilities
Bulletin has no description...
USN-647-1: Thunderbird vulnerabilities
It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. CVE-2008-3835 Several problems were discovered in...
Mozilla Thunderbird < 2.0.0.17 Multiple Vulnerabilities
Binary data 4696.prm...
USN-645-3: Firefox and xulrunner regression
USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes t...
USN-645-2: Firefox vulnerabilities
USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. This provides the corresponding update for Ubuntu 6.06 LTS. Original advisory details: Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were...
USN-645-1: Firefox and xulrunner vulnerabilities
Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. CVE-2008-0016 It was discovered that the same-origin check in Firefox...
Mozilla Firefox < 2.0.0.17 Multiple Vulnerabilities
Binary data 4692.prm...
SeaMonkey < 1.1.12 Multiple Vulnerabilities
The installed version of SeaMonkey is affected by various security issues : - Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary code. MFSA 2008-37 - It is possible to bypass the...
Firefox < 2.0.0.17 Multiple Vulnerabilities
The installed version of Firefox is affected by various security issues : - Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary code MFSA 2008-37. - It is possible to bypass the...