[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2010:125 -- Mandriva firefox

ID: oval:org.secpod.oval:def:300107Date: (C)2012-01-07   (M)2023-11-09
Class: PATCHFamily: unix




Security issues were identified and fixed in firefox: An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an in-session phishing attack. The JavaScript implementation in Mozilla Firefox 3.x allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method . Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow . Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both Content-Disposition: attachment and Content-Type: multipart are present in HTTP headers, which allows remote attackers to conduct cross-site scripting attacks via an uploaded HTML document . Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances . Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node . Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors . Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors . Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program

Platform:
Mandriva Linux 2010.0
Mandriva Linux 2009.0
Mandriva Linux 2009.1
Mandriva Linux 2008.0
Product:
firefox
Reference:
MDVSA-2010:125
CVE-2010-1203
CVE-2010-1202
CVE-2010-1200
CVE-2010-1199
CVE-2010-1198
CVE-2010-1197
CVE-2010-1196
CVE-2008-5913
CVE-2010-1125
CVE    9
CVE-2008-5913
CVE-2010-1200
CVE-2010-1198
CVE-2010-1199
...
CPE    4
cpe:/o:mandriva:linux:2009.0
cpe:/o:mandriva:linux:2008.0
cpe:/o:mandriva:linux:2009.1
cpe:/o:mandriva:linux:2010.0
...

© SecPod Technologies