USN-701-1: Thunderbird vulnerabilities

Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...

Mozilla Thunderbird < 2.0.0.19 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 2.0.0.19. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. MFSA 2008-60 - XBL bindings can be used ...

Linux kernel multiple security vulnerabilities

Double listen on the same socket causes creation of unassigned vcc table entry, which causes infinite loop in kernel on attempt to cat vc table. inotify subsystem race conditions allow privilege escalation, socket-related memory exhaustion. chipcommand NULL pointer dereference. HFS file sytem...

Mozilla Firefox < 2.0.0.20 Cross-Domain Data Theft

Binary data 4796.prm...

openSUSE 10 Security Update : seamonkey (seamonkey-5880)

The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the...

USN-690-3: Firefox vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...

USN-690-2: Firefox vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An...

Mozilla Foundation Security Advisory 2008-68

Mozilla Foundation Security Advisory 2008-68 Title: XSS and JavaScript privilege escalation Impact: Critical Announced: December 16, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description Mozill...

Mozilla Foundation Security Advisory 2008-61

Mozilla Foundation Security Advisory 2008-61 Title: Information stealing via loadBindingDocument Impact: Moderate Announced: December 16, 2008 Reporter: Boris Zbarsky Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description Mozilla...

USN-690-1: Firefox and xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502 It was discovered that Firefox did not properly handle persistent cookie data. If ...

CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

CVE-2008-5511

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

Security feature bypass

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL...

Cross site scripting

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVE-2008-5503

CVE-2008-5503 affects Mozilla Firefox 2.x up to 2.0.0.19, Mozilla Thunderbird 2.x up to 2.0.0.19, and SeaMonkey 1.x up to 1.1.14. The vulnerability arises from the loadBindingDocument function failing to enforce same-domain policy checks, enabling remote attackers to read or access data from othe...

CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting XSS attacks via unknown...

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...