745 matches found
libxslt: Heap-double-free in xmlFreeNodeList
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms...
Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that...
Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that...
Scientific Linux Security Update : libxslt on SL3.x, SL4.x, SL5.x i386/x86_64
Anthony de Almeida Lopes reported the libxslt library did not properly process long 'transformation match' conditions in the XSL stylesheet files. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the applicatio...
php: XSLT file writing vulnerability
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...
php: XSLT file writing vulnerability
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...
Debian DSA-2406-1 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. - CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls throu...
Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1353-1)
Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
DSA-2406-1 icedove - several
Bulletin has no description...
USN-1350-1: Thunderbird vulnerabilities
Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user...
USN-1353-1: Xulrunnner vulnerabilities
Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7949)
Mozilla Firefox was updated to 3.6.26 fixing bugs and security issues. The following security issues have been fixed by this update : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs...
Ubuntu Update for ubufox USN-1355-3
Ubuntu Update for Linux kernel vulnerabilities USN-1355-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN13553.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ubufox USN-1355-3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X)
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnmacosxfeb12.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 MAC OS X Authors: Madhu...
SuSE 11.1 Security Update : MozillaFirefox (SAT Patch Number 5754)
This update provides Mozilla Firefox 10, which provides many fixes, security and feature enhancements. For a detailed list, please have a look at http://www.mozilla.org/en-US/firefox/10.0/releasenotes/ and http://www.mozilla.org/de/firefox/features/ The following security issues have been fixed i...
Mozilla Products Multiple Unspecified Vulnerabilities (Feb 2012) - Mac OS X
Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwinfeb12.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 Windows Authors: Madhuri D...
Code injection
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...
CVE-2012-0057
CVE-2012-0057 affects PHP up to version 5.3.8 (prior to 5.3.9), where improper libxslt security settings allow remote attackers to create arbitrary files via a crafted XSLT stylesheet using the libxslt output extension. The connected advisories confirm this vulnerability across multiple distribut...
CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...