OVAL

USN-728-1 -- Firefox and Xulrunner vulnerabilities

ID: oval:org.secpod.oval:def:700306
Date: (C)2011-05-13   (M)2024-02-15
Class: PATCH
Family: unix




Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

A flaw was discovered in Firefox's garbage collection process. Under certain circumstances a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website.

Masahiro Yamada discovered that Firefox did not display control characters in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack.

Platform:
Ubuntu 8.10
Ubuntu 8.04
Product:
Firefox
Reference:
USN-728-1
CVE-2009-0040
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
CVE-2009-0777
CPE:
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:8.10

© SecPod Technologies