Linux Distros Unpatched Vulnerability : CVE-2014-1592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before...

SUSE CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document duri...

Arbitrary Code Execution

firefox/thunderbird is vulnerable to arbitrary code execution. A use-after-free vulnerability in the function nsHtml5TreeOperation in xul.dll allows a remote attacker to execute arbitrary code via a second root element to an HTML5 document...

CVE-2011-0065 Firefox after the release reuse vulnerability-vulnerability warning-the black bar safety net

Author: k0shl reprint please indicate the source: http://whereisk0shl.top Today is mother's Day, wish all mothers good health, happiness and happy! Vulnerability description Software download: https://www.exploit-db.com/apps/1b7d038f1ca394ef19714846091f7464-FirefoxSetup3.6.16.exe PoC: !/...

CVE-2014-1592

CVE-2014-1592 is a use-after-free in Mozilla Firefox’s nsHtml5TreeOperation (xul.dll) that enables remote code execution by adding a second root element to an HTML5 document during parsing. Affected products/versions include Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird b...

CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document duri...

[Firefox] убираем кодирование кавычек в URL | Firefox URL quote encoding patch

See next post for English description! Патч призван устранить кодирование кавычек ',", в HTTP запросах. Начиная с версии 3.0 коммит, Firefox стал урл-кодировать одинарную кавычку ' в %27. Данное поведение нередко может помешать обнаружить SQL инъекцию в веб-приложениях, например, при участии...

Mozilla Firefox 4.0 (xul.dll) DLL Hijacking Exploit

Exploit for windows platform in category local exploits Exploit Title: Mozilla Firefox 4.0 xul.dll using .shtml DLL Hijacking Exploit Author: Caddy-Dz Facebook Page: www.facebook.com/islam.caddy E-mail: email protected Category: Local Exploit Tested on: Windows Xp Sp 2 | Special Greets To :...

Mozilla Firefox 3.6.3 USP10.dll和xul.dll库多个拒绝服务漏洞

CVECAN ID: CVE-2010-1986,CVE-2010-1987,CVE-2010-1988 Firefox是非常流行的开源WEB浏览器。 Firefox的xul.dll库中的gfxWindowsFontGroup::MakeTextRun函数和USP10.dll库的 DoubleWideCharMappedString类中存在多个拒绝服务漏洞。如果网页中的JavaScript代码可创建包含有超长字符串元素的数组之后将超长字符串附加到了P元素的内容，就会触发内存破坏或空指针引用，导致浏览器崩溃。 Mozilla Firefox 3.6.3 厂商补丁： Mozilla...

Design/Logic Flaw

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption and application crash via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...

CVE-2010-1987

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption, out-of-bounds read, and application crash via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring...

CVE-2010-1986

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption and application crash via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...

CVE-2010-1987

Mozilla Firefox 3.6.3 on Windows XP SP3 is affected by CVE-2010-1987, allowing remote attackers to trigger memory consumption and a crash through crafted JavaScript that appends long strings to a P element and performs string operations. The root cause is tied to DoubleWideCharMappedString in USP...

CVE-2009-1837

CVE-2009-1837 describes a race condition in Mozilla Firefox 3 before 3.0.11 within NPObjWrapper_NewResolve in nsJSNPRuntime.cpp of xul.dll. The vulnerability could allow remote code execution via a page transition during Java applet loading, related to a use-after-free involving memory tied to a ...

CVE-2009-1837

Race condition in the NPObjWrapperNewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for...