MozillaFirefox (critical)

MozillaFirefox has been updated to version 3.6.24 to fix the following security issues: MFSA 2011-46/CVE-2011-3647 bmo680880 loadSubScript unwraps XPCNativeWrapper scope parameter MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS MFSA 2011-49/CVE-2011-3650 bmo674776...

Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows)

The host is installed with Mozilla firefox/thunderbird and is prone to cross site scripting and memory corruption vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsxssnmemcrptnvulnwin.nasl 7006 2017-08-25 11:51:20Z teissa $ Mozilla Products XSS and Memory Corruption Vulnerabilities...

Mozilla Products XSS and Memory Corruption Vulnerabilities (MAC OS X)

The host is installed with Mozilla firefox/thunderbird and is prone to cross site scripting and memory corruption vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsxssnmemcrptnvulnmacosx.nasl 7052 2017-09-04 11:50:51Z teissa $ Mozilla Products XSS and Memory Corruption Vulnerabilitie...

Mozilla Products XSS and Memory Corruption Vulnerabilities - Mac OS X

Mozilla Firefox/Thunderbird is prone to cross site scripting and memory corruption vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Mozilla Products XSS and Memory Corruption Vulnerabilities - Windows

Mozilla Firefox/Thunderbird is prone to cross site scripting and memory corruption vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1251-1)

It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. CVE-2011-3647 Yosuke Hasegawa discovered that the Mozill...

Ubuntu: Security Advisory (USN-1251-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1251-1: Firefox and Xulrunner vulnerabilities

It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. CVE-2011-3647 Yosuke Hasegawa discovered that the Mozill...

Debian DSA-2341-1 : iceweasel - several vulnerabilities

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-3647 'mozbugra4' discovered a privilege escalation vulnerability in addon handling. -...

Debian DSA-2342-1 : iceape - several vulnerabilities

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-3647 'mozbugra4' discovered a privilege escalation vulnerability in addon handling. - CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could...

CVE-2011-3648

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

Cross site scripting

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

CVE-2011-3648

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

CVE-2011-3648

CVE-2011-3648 is an XSS vulnerability in Mozilla Firefox prior to 3.6.24 and 4.x through 7.0 and in Thunderbird prior to 3.1.6 and 5.0 through 7.0. It allows remote attackers to inject arbitrary web script or HTML via crafted text encoded in Shift_JIS. Affected products include Firefox and Thunde...

Mozilla Thunderbird 3.1.x < 3.1.16 Multiple Vulnerabilities

The installed version of Thunderbird 3.1.x is earlier than 3.1.16 and is potentially affected by the following vulnerabilities: - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an attacker could...

Thunderbird 7.x Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 7.x is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding, which can allow cross-site scripting attacks. CVE-2011-3648 - Profiling JavaScript files with many functions can cause...

Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 3.1 is earlier than 3.1.16. Such versions are potentially affected by the following security issues : - There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an...

CVE-2011-3648

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

Mozilla Thunderbird < 8.0 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. CVE-2011-3648 - The addition of the 'Azure' graphi...

Firefox < 8.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. CVE-2011-3648 - The addition of the 'Azure' graphics...