17 matches found
SUSE CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
Debian DSA-1046-1 : mozilla - several vulnerabilities
Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...
CentOS 4 : firefox (CESA-2006:0200)
An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpret...
Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)
Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables. Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user. CVE-2006-0292, CVE-2006-1742 The function...
DSA-1046-1 mozilla - several
Bulletin has no description...
Multiple Mozilla / Firefox / Thinderbird vulnerabilities
Javascript code execution, heap memory corruption with styles, memory corruption with QueryInterface, code execution with XULDocument.persist, multiple integer overflows, information leak from nsExpatDriver::ParseBuffer. Silen trojan code installation is potentially possible...
Fedora Core 4 : firefox-1.0.7-1.2.fc4 (2006-076)
Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures...
RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0199)
Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Igor Bukano...
Mozilla-based products fail to validate user input to the attribute name in "XULDocument.persist"
Overview A vulnerability in some Mozilla products that could allow a remote attacker to execute Javascript commands with the permissions of the user running the affected application. Description According to the Mozilla advisory on this issue:XULDocument.persist did not validate the attribute nam...
DEBIAN-CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
CVE-2006-0296
CVE-2006-0296 affects Mozilla Suite components including Mozilla/Firefox up to 1.5.0.1 and SeaMonkey up to 1.0. The vulnerability arises in the XULDocument.persist function where the attribute name is not validated, enabling remote attackers to inject RDF data into the user’s localstore.rdf and e...
CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
mozilla security update
CentOS Errata and Security Advisory CESA-2006:0199 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2006-February/074774.html https://lists.centos.org/pipermail/centos-announce/2006-February/074775.html...
Critical: Red Hat Security Advisory: firefox security update
An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's Javascript interpret...
Localstore.rdf XML injection through XULDocument.persist() — Mozilla
XULDocument.persist did not validate the attribute name, allowing an attacker to inject XML into localstore.rdf that would be read and acted upon at startup. This could include JavaScript commands that would be run with the permissions of the browser...