Computer Security


Multiple browsers inherited charset cross-site scripting
updated since 25.02.2007
Published: 06.03.2009
SecurityVulns ID: 7304
Type: client
Threat Level: 5/10
Description: If a page with an undefined charset is displayed in a frame, the codepage of the parent page is used. This makes it possible to conduct a cross-site scripting attack using e.g. the UTF-7 or EUC-JP (SHIFT_JIS) charset.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
 MOZILLA : Firefox 3.0
 GOOGLE : Chrome 1.0
CVE: CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.)
 CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.)
 CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.)
Original document: MustLive, Firefox's Charset Remembering strikes back (06.03.2009)
 MustLive, Charset Remembering vulnerability in Mozilla Firefox (04.02.2009)
 MustLive, Charset Inheritance vulnerability in Internet Explorer 6 and Google Chrome (01.02.2009)
 Stefan Esser, Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability (25.02.2007)

PHP unauthorized access
Published: 06.03.2009
SecurityVulns ID: 9711
Type: local
Threat Level: 5/10
Description: The mbstring.func_overload setting in .htaccess is applied to all websites.
Affected: PHP : PHP 4.4
 PHP : PHP 5.1
CVE: CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.)
Original document: MANDRIVA, [ MDVSA-2009:066 ] php (06.03.2009)

libpng uninitialized pointers
Published: 06.03.2009
SecurityVulns ID: 9713
Type: library
Threat Level: 6/10
Description: Uninitialized pointer reference on PNG parsing.
CVE: CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.)

Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
updated since 06.03.2009
Published: 01.04.2009
SecurityVulns ID: 9712
Type: remote
Threat Level: 7/10
Description: Cross-site XML access, multiple memory corruptions.
Affected: MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE: CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.)
 CVE-2009-1044 (Unspecified vulnerability in Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.)
 CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.)
 CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.)
 CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.)
 CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.)
 CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.)
 CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.)
 CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.)
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.)
Original document: ZDI, ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability (01.04.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-12 (01.04.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-13 (01.04.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-11 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-10 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-09 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-08 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-07 (06.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod