Mozilla Firefox / Thunderbird / Seamonkey multiple security vulonerabilities updated since 10.02.2008
Published:		11.02.2008
Source:		MOZILLA
SecurityVulns ID:		8648
Type:		client
Level:		9/10
Description:		Multiple memory corruptions, input focus stealing, code execution, stored information corruption, directory traversal, information leaks, dialog spoffing.

Affected:		MOZILLA : Firefox 2.0
		MOZILLA : Thunderbird 2.0
		MOZILLA : SeaMonkey 1.1
CVE:		CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.)
		CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.)
		CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.)
		CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 allows user-assisted remote attackers to cause users to confirm a timer-enabled security dialog by using a timer to change the window focus.)
		CVE-2008-0419
		CVE-2008-0418
		CVE-2008-0417
		CVE-2008-0415
		CVE-2008-0414
		CVE-2008-0413
		CVE-2008-0412

Original document		carl hardwick, [Full-disclosure] Firefox 2.0.0.12 information leak vulnerability (11.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-11 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-10 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-09 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-08 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-06 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-05 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-04 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-03 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-02 (10.02.2008)
		MOZILLA, Mozilla Foundation Security Advisory 2008-01 (10.02.2008)

Files:		Firefox 2.0.0.12 information leak vulnerability PoC
Discuss:		Read or add your comments to this news (0 comments)

Linux kernel multiple security vulnerabilities updated since 11.02.2008
Published:		12.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8659
Type:		local
Level:		7/10
Description:		Kernel memory access with vmsplice syscall, access between virtual machines with /proc

Affected:		LINUX : kernel 2.6
CVE:		CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.)
		CVE-2008-0163
		CVE-2008-0010

Original document		Wojciech Purczynski, CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference (12.02.2008)
		DEBIAN, [Full-disclosure] [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation (11.02.2008)

Discuss:

Read or add your comments to this news (0 comments)