65 matches found
Heap overflow
DISPUTED TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
CVE-2018-11210
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
CVE-2018-11210
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
CVE-2018-11210
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
CVE-2018-11210
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
CVE-2018-11210
TinyXML2 6.2.0 is affected by a heap-based buffer over-read in XMLDocument::Parse (libtinyxml2.so). The CVE-2018-11210 entry notes this is due to improper use of the library and not a vulnerability in tinyxml2. NVD data lists a high/severe impact (CVSS v3: 9.8, NETWORK/NO AUTH required; all impac...
CVE-2018-11210
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...
tinyxml2: Use-of-uninitialized-value in tinyxml2::StrPair::SetStr
Project: https://github.com/leethomason/tinyxml2.git Detailed report: https://oss-fuzz.com/testcase?key=5185500560228352 Project: tinyxml2 Fuzzer: libFuzzertinyxml2xmltest Fuzz target binary: xmltest Job Type: libfuzzermsantinyxml2 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
PT-2018-10401 · Tinyxml2 +2 · Tinyxml2 +2
Name of the Vulnerable Software and Affected Versions: TinyXML2 version 6.2.0 Description: The issue is related to a heap-based buffer over-read in the XMLDocument::Parse function. However, the developers of TinyXML2 have determined that the reported issue is due to improper use of the library an...
openSUSE Security Update : libxml2 (openSUSE-SU-2012:1647-1)
A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
Mozilla Products Multiple Vulnerabilities (Apr 2010) - Windows
Mozilla Firefox/Seamonkey/Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwinapr10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilitie Apr-10 Windows Authors: Madhuri D Copyright:...
Mozilla Foundation Security Advisory 2010-24
Mozilla Foundation Security Advisory 2010-24 Title: XMLDocument::load doesn't check nsIContentPolicy Impact: Low Announced: March 30, 2010 Reporter: Wladimir Palant Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.2 Firefox 3.5.9 Thunderbird 3.0.4 SeaMonkey 2.0.4 Description Mozill...
Design/Logic Flaw
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictio...
CVE-2010-0182
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictio...
CVE-2010-0182
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictio...
CVE-2010-0182
The CVE-2010-0182 issue affects Mozilla Firefox (pre-3.5.9 and 3.6.x pre-3.6.2), Thunderbird (pre-3.0.4), and SeaMonkey (pre-2.0.4). The root cause is that XMLDocument::load did not perform the expected nsIContentPolicy checks when loading content via XML documents, allowing crafted content to by...
CVE-2010-0182
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictio...
FreeBSD : mozilla -- multiple vulnerabilities (9ccfee39-3c3b-11df-9edc-000f20797ede)
Mozilla Project reports : MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-...
XMLDocument::load() doesn't check nsIContentPolicy — Mozilla
Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons...