46 matches found
EUVD-2009-1831
Malware in sbrugna...
EUVD-2009-2054
Malware in sbrugna...
EUVD-2009-2056
Malware in sbrugna...
EUVD-2009-2055
Malware in sbrugna...
CVE-2009-2059
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...
CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...
SUSE CVE-2009-1836
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...
SUSE CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...
openSUSE 10 Security Update : seamonkey (seamonkey-6538)
seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run...
openSUSE Security Update : seamonkey (seamonkey-1364)
seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run...
openSUSE Security Update : seamonkey (seamonkey-1364)
seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run...
SuSE9 Security Update : epiphany (YOU Patch Number 12519)
This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via...
openSUSE 10 Security Update : opera (opera-6473)
Opera version 10 includes at least security fixes for an XML denial-of-service bug CVE-2009-1234 and the 'SSL tampering' attack CVE-2009-2059, CVE-2009-2063, CVE-2009-2067, CVE-2009-2070. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)
The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues : - Crashes with evidence of memory corruption rv:1.9.0.11. MFSA 2009-24 / CVE-2009-1392 / CVE-2009-1832 / CVE-2009-1833 - bmo479413 URL spoofing with invalid unicode characters. MFSA 2009-25 /...
openSUSE Security Update : opera (opera-1261)
Opera version 10 includes at least security fixes for an XML denial-of-service bug CVE-2009-1234 and the 'SSL tampering' attack CVE-2009-2059, CVE-2009-2063, CVE-2009-2067, CVE-2009-2070. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
openSUSE Security Update : opera (opera-1261)
Opera version 10 includes at least security fixes for an XML denial-of-service bug CVE-2009-1234 and the 'SSL tampering' attack CVE-2009-2059, CVE-2009-2063, CVE-2009-2067, CVE-2009-2070. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1091)
Mozilla Thunderbird was updated to the 2.0.0.22 security release. It fixes various bugs and security issues : - MFSA-2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304 CVE-2009-1305 Crashes with evidence of memory corruption rv:1.9.0.9 - MFSA 2009-17/CVE-2009-1307 bmo481342 Same-origin violations...
Protection against Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests
Mozilla Firefox, Thunderbird and SeaMonkey use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server. A vulnerability was reported in Mozilla Firefox, a freely available Web browser. The vulnerability resides in the handling of non-2...
Firefox SSL tampering via non-200 responses to proxy CONNECT requests
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...
SeaMonkey < 1.1.17 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 1.1.17. Such versions are potentially affected by the following security issues : - When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage...