 |
|
|
|
| Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities | | Published: |  | 18.07.2008 | | Source: |  | MOZILLA | | SecurityVulns ID: |  | 9154 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI. |
| Affected: |  | MOZILLA : Firefox 2.0 | | | | MOZILLA : Thunderbird 2.0 | | | | MOZILLA : SeaMonkey 1.1 | | | | MOZILLA : Firefox 3.0 | | CVE: |  | CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.) | | | | CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.) | | | | CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.) |
|
|
|
|
|
|
|
|
