Computer Security


Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 29.09.2008
Published:30.09.2008
SecurityVulns ID:9310
Type:client
Threat Level:7/10
Description:Memory corruption, privilege escalation, cross-site scripting, DoS, buffer overflow
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE:CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages.")
 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.)
 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.)
 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.)
 CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug.")
 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug.")
 CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.)
 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.)
 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.)
 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.)
 CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.)
 CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.)
 CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.)
 CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.)
 CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.)
Original document:Aditya K Sood, Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. (30.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-37 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-38 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-39 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-40 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-41 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-42 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-43 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-44 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-45 (29.09.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-46 (29.09.2008)

CA Service Desk cross-site scripting
updated since 30.09.2008
Published:30.09.2008
SecurityVulns ID:9314
Type:remote
Threat Level:5/10
Description:Multiple cross-site scripting vulnerabilities.
Affected:CA : CA Service Desk 11.2
 CA : CA CMDB 11.0
 CA : CA CMDB 11.1
 CA : CA CMDB 11.2
CVE:CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms.")
Original document:CA, CA Service Desk Multiple Cross-Site Scripting Vulnerabilities (30.09.2008)

Linksys WRT350N unauthorized access
Published:30.09.2008
SecurityVulns ID:9315
Type:remote
Threat Level:5/10
Description:An outdated Samba version is used, and a default admin:admin account and a default guest account are present.
Affected:LINKSYS : WRT350N
Original document:Teh Kotak, Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration (30.09.2008)

DATAC RealWin buffer overflow
Published:30.09.2008
SecurityVulns ID:9316
Type:remote
Threat Level:5/10
Description:Buffer overflow when reading network packets on TCP/910.
Affected:DATAC : RealWin 2.0
Original document:Reversemode, DATAC RealWin 2.0 SCADA Software - Remote PreaAuth Exploit (30.09.2008)
Files:DATAC RealWin 2.0 SCADA Software - Remote PreaAuth Exploit

MPlayer buffer overflow
Published:30.09.2008
SecurityVulns ID:9319
Type:client
Threat Level:6/10
Description:Three integer overflows in video file parsing lead to a buffer overflow.
Affected:MPLAYER : MPlayer 1.0
CVE:CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.)
Original document:Andrea Barisani, [oCERT-2008-013] MPlayer Real demuxer heap overflow (30.09.2008)

Checkpoint ZoneAlarm DoS
Published:30.09.2008
SecurityVulns ID:9321
Type:remote
Threat Level:6/10
Description:HTTP traffic parsing DoS.
Affected:CHECKPOINT : ZoneAlarm 8.0
Original document:quakerdoomer_(at)_fmguy.com, Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector) (30.09.2008)

Novell ZenWorks ActiveX buffer overflow
Published:30.09.2008
SecurityVulns ID:9322
Type:client
Threat Level:6/10
Description:CanUninstall method buffer overflow.
Affected:NOVELL : ZENWorks for Desktops 6.5
Original document:Satan_HackerS_(at)_Yahoo.com, Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC (30.09.2008)

HP Insight Diagnostics unauthorized file access
Published:30.09.2008
SecurityVulns ID:9323
Type:remote
Threat Level:6/10
Affected:HP : Insight Diagnostics 7.9
 HP : HP SmartStart CD 7.90
CVE:CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02373 SSRT071467 rev.1 - HP Insight Diagnostics, Remote Unauthorized Access to Files (30.09.2008)

Multiple FTP servers unsafe fgets() vulnerability
updated since 30.09.2008
Published:11.01.2009
SecurityVulns ID:9317
Type:remote
Threat Level:5/10
Description:It's possible to embed additional commands into URLs.
Affected:FREEBSD : FreeBSD 7.0
 NETBSD : NetBSD 4.0
 OPENBSD : OpenBSD 4.3
CVE:CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd (11.01.2009)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd (09.01.2009)
 Maksymilian Arciemowicz, multiple vendor ftpd - Cross-site request forgery (30.09.2008)

Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS
updated since 30.09.2008
Published:12.02.2009
SecurityVulns ID:9318
Type:client
Threat Level:5/10
Description:Calling the window.print() function in a loop causes the browser to hang. Uncontrolled memory allocation. A script can close the window without user approval.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MOZILLA : Firefox 3.0
 GOOGLE : Chrome 0.2
 OPERA : Opera 9.52
Original document:MustLive, DoS vulnerability in Internet Explorer 7 (12.02.2009)
 MustLive, DoS vulnerability in Mozilla, Opera and Google Chrome (01.11.2008)
 MustLive, DoS vulnerability in Firefox, Internet Explorer and Google Chrome (01.11.2008)
 Aditya K Sood, Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability. (26.10.2008)
 MustLive, DoS vulnerabilities in Mozilla, Internet Explorer, Google Chrome and Opera (24.10.2008)
 MustLive, DoS vulnerability in Internet Explorer (01.10.2008)
 UniquE_(at)_UniquE-Key.Org, MS Internet Explorer 7 Denial Of Service Exploit (30.09.2008)
 Aditya K Sood, Advisory: Google Chrome Window Object Suppressing Remote Denial of Service. (30.09.2008)
 Aditya K Sood, Advisory : Opera Window Object Suppressing Remote Denial of Service (30.09.2008)
 Aditya K Sood, Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. (30.09.2008)
 MustLive, DoS vulnerability in Google Chrome (30.09.2008)
 MustLive, DoS vulnerability in Opera (30.09.2008)
 MustLive, DoS vulnerability in Firefox (30.09.2008)
Files:Firefox, Opera, Chrome window printing DoS exploit
 Internet Explorer memory bomb exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod