Spoofing Vulnerability

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120717)

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2012-1948,...

CentOS Update for firefox CESA-2012:1088 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2012-1959

CVE-2012-1959 affects Mozilla Firefox 4.x–13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0–13.0 and Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11. The root cause is the failure to consider same-compartment security wrappers (SCSW) during cross-compartment wrapping, allowing r...

CVE-2012-1959

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers SCSW during the cross-compartment wrapping of objects, which allows remo...

Same-compartment Security Wrappers can be bypassed — Mozilla

Mozilla developer Bobby Holley found that same-compartment security wrappers SCSW can be bypassed by passing them to another compartment. Cross-compartment wrappers often do not go through SCSW, but have a filtering policy built into them. When an object is wrapped cross-compartment, the SCSW is...