FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
12bd6ecf-c430-11db-95c5-000c6ec775d9mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

  • MFSA 2007-08 onUnload + document.write() memory corruption
  • MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
  • MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
  • MFSA 2007-05 XSS and local file access by opening blocked popups
  • MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
  • MFSA 2007-03 Information disclosure through cache collisions
  • MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
  • MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

Discovery 2007-02-23
Entry 2007-02-24
Modified 2007-04-19
firefox
< 1.5.0.10,1

gt 2.*,1 lt 2.0.0.2,1

linux-firefox
< 1.5.0.10

lightning
< 0.3.1

seamonkey
linux-seamonkey
< 1.0.8

ge 1.1 lt 1.1.1

thunderbird
linux-thunderbird
mozilla-thunderbird
< 1.5.0.10

linux-firefox-devel
< 3.0.a2007.04.18

linux-seamonkey-devel
< 1.5.a2007.04.18

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla
gt 0

CVE-2006-6077
CVE-2007-0008
CVE-2007-0009
CVE-2007-0775
CVE-2007-0776
CVE-2007-0777
CVE-2007-0778
CVE-2007-0779
CVE-2007-0780
CVE-2007-0800
CVE-2007-0981
CVE-2007-0995
CVE-2007-1092
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
1989b511-ae62-11d9-a788-0001020eed82mozilla -- code execution through javascript: favicons

A Mozilla Foundation Security Advisory reports:

Firefox and the Mozilla Suite support custom "favicons" through the tag. If a link tag is added to the page programmatically and a javascript: url is used, then script will run with elevated privileges and could run or install malicious software.

Workaround: Disable Javascript


Discovery 2005-04-12
Entry 2005-04-16
firefox
< 1.0.3,1

linux-firefox
< 1.0.3

mozilla
< 1.7.7,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.7

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

http://www.mozilla.org/security/announce/mfsa2005-37.html
2e28cefb-2aee-11da-a263-0001020eed82firefox & mozilla -- command line URL shell command injection

A Secunia Advisory reports:

Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser.


Discovery 2005-09-06
Entry 2005-09-22
Modified 2005-10-26
firefox
< 1.0.7,1

linux-firefox
< 1.0.7

mozilla
< 1.7.12,2

ge 1.8.*,2

linux-mozilla
< 1.7.12

linux-mozilla-devel
gt 0

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-2968
https://bugzilla.mozilla.org/show_bug.cgi?id=307185
http://secunia.com/advisories/16869/
http://www.mozilla.org/security/announce/mfsa2005-59.html
3ce8c7e2-66cf-11dc-b25f-02e0185f8d72mozilla -- code execution via Quicktime media-link files

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.


Discovery 2007-09-18
Entry 2007-09-19
Modified 2007-12-14
firefox
< 2.0.0.7,1

linux-firefox
< 2.0.0.7

seamonkey
linux-seamonkey
< 1.1.5

linux-firefox-devel
< 3.0.a2007.12.12

linux-seamonkey-devel
< 2.0.a2007.12.12

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla
gt 0

CVE-2006-4965
http://www.mozilla.org/security/announce/2007/mfsa2007-28.html
3fbf9db2-658b-11d9-abad-000a95bc6faemozilla -- heap overflow in NNTP handler

Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers:

Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine.


Discovery 2004-12-29
Entry 2005-01-13
de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
gt 0

mozilla-gtk1
linux-mozilla
linux-mozilla-devel
< 1.7.5

mozilla
< 1.7.5,2

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
mozilla+ipv6
mozilla-embedded
mozilla-gtk2
mozilla-gtk
ge 0

CVE-2004-1316
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=110436284718949
45b75152-ae5f-11d9-a788-0001020eed82mozilla -- javascript "lambda" replace exposes memory contents

A Mozilla Foundation Security Advisory reports:

A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to a server without user interaction or knowledge.

Workaround: Disable Javascript


Discovery 2005-04-01
Entry 2005-04-16
firefox
< 1.0.3,1

linux-firefox
< 1.0.3

mozilla
< 1.7.7,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.7

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-0989
http://www.mozilla.org/security/announce/mfsa2005-33.html
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
5360a659-131c-11d9-bc4a-000c41e2cdadmozilla -- hostname spoofing bug

When processing URIs that contain an unqualified host name-- specifically, a domain name of only one component-- Mozilla will perform matching against the first component of the domain name in SSL certificates. In other words, in some situations, a certificate issued to "www.example.com" will be accepted as matching "www".


Discovery 2004-02-12
Entry 2004-09-30
thunderbird
< 0.7

de-linux-mozillafirebird
el-linux-mozillafirebird
firefox
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
< 0.9.2

de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
le 7.2

mozilla-gtk1
linux-mozilla
linux-mozilla-devel
< 1.7

mozilla
< 1.7,2

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

CVE-2004-0765
http://bugzilla.mozilla.org/show_bug.cgi?id=234058
5d72701a-f601-11d9-bcd1-02061b08fc24firefox & mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security vulnerabilities in Firefox and Mozilla:

  • MFSA 2005-56 Code execution through shared function objects
  • MFSA 2005-55 XHTML node spoofing
  • MFSA 2005-54 Javascript prompt origin spoofing
  • MFSA 2005-53 Standalone applications can run arbitrary code through the browser
  • MFSA 2005-52 Same origin violation: frame calling top.focus()
  • MFSA 2005-51 The return of frame-injection spoofing
  • MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
  • MFSA 2005-49 Script injection from Firefox sidebar panel using data:
  • MFSA 2005-48 Same-origin violation with InstallTrigger callback
  • MFSA 2005-47 Code execution via "Set as Wallpaper"
  • MFSA 2005-46 XBL scripts ran even when Javascript disabled
  • MFSA 2005-45 Content-generated event vulnerabilities

Discovery 2005-07-12
Entry 2005-07-16
firefox
< 1.0.5,1

linux-firefox
< 1.0.5

mozilla
< 1.7.9,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.9

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-1937
CVE-2005-2260
CVE-2005-2261
CVE-2005-2262
CVE-2005-2263
CVE-2005-2264
CVE-2005-2265
CVE-2005-2266
CVE-2005-2267
CVE-2005-2268
CVE-2005-2269
CVE-2005-2270
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/security/announce/mfsa2005-45.html
http://www.mozilla.org/security/announce/mfsa2005-46.html
http://www.mozilla.org/security/announce/mfsa2005-47.html
http://www.mozilla.org/security/announce/mfsa2005-48.html
http://www.mozilla.org/security/announce/mfsa2005-49.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-51.html
http://www.mozilla.org/security/announce/mfsa2005-52.html
http://www.mozilla.org/security/announce/mfsa2005-53.html
http://www.mozilla.org/security/announce/mfsa2005-54.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-56.html
641859e8-eca1-11d8-b913-000c41e2cdadMutiple browser frame injection vulnerability

A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

A KDE Security Advisory reports:

A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/.


Discovery 2004-08-11
Entry 2004-08-12
Modified 2004-09-14
kdelibs
< 3.2.3_3

kdebase
< 3.2.3_1

linux-opera
opera
ge 7.50 lt 7.52

firefox
< 0.9

linux-mozilla
linux-mozilla-devel
mozilla-gtk1
< 1.7

mozilla
< 1.7,2

netscape7
< 7.2

CVE-2004-0717
CVE-2004-0718
CVE-2004-0721
http://secunia.com/advisories/11978/
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch
730db824-e216-11d8-9b0a-000347a4fa7dMozilla / Firefox user interface spoofing vulnerability

The Mozilla project's family of browsers contain a design flaw that can allow a website to spoof almost perfectly any part of the Mozilla user interface, including spoofing web sites for phishing or internal elements such as the "Master Password" dialog box. This achieved by manipulating "chrome" through remote XUL content. Recent versions of Mozilla have been fixed to not allow untrusted documents to utilize "chrome" in this way.


Discovery 2004-07-19
Entry 2004-07-30
Modified 2004-08-15
firefox
le 0.9.1_1

linux-mozilla
le 1.7.1

linux-mozilla-devel
le 1.7.1

mozilla
le 1.7.1,2

ge 1.8.a,2 le 1.8.a2,2

mozilla-gtk1
le 1.7.1_1

CVE-2004-0764
http://bugzilla.mozilla.org/show_bug.cgi?id=22183
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=252198
http://www.nd.edu/~jsmith30/xul/test/spoof.html
http://secunia.com/advisories/12188
10832
7c188c55-0cb0-11d9-8a8a-000c41e2cdadmozilla -- NULL bytes in FTP URLs

When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of Javascript when viewing plain text or other file types via FTP.


Discovery 2004-07-11
Entry 2004-09-22
Modified 2004-09-24
firefox
< 0.9.3

linux-mozilla
linux-mozilla-devel
< 1.7.2

mozilla
< 1.7.2,2

ge 1.8.a,2

mozilla-gtk1
< 1.7.2

CVE-2004-0760
http://bugzilla.mozilla.org/show_bug.cgi?id=250906
7d2aac52-9c6b-11d9-99a7-000a95bc6faemozilla -- heap buffer overflow in GIF image processing

A Mozilla Foundation Security Advisory states:

An (sic) GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.


Discovery 2005-03-10
Entry 2005-03-24
firefox
< 1.0.2,1

thunderbird
linux-firefox
< 1.0.2

mozilla
< 1.7.6,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.6

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-0399
http://www.mozilla.org/security/announce/mfsa2005-30.html
http://xforce.iss.net/xforce/alerts/id/191
https://bugzilla.mozilla.org/show_bug.cgi?id=285595
84630f4a-cd8c-11da-b7b9-000c6ec775d9mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.

  • MFSA 2006-29 Spoofing with translucent windows
  • MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
  • MFSA 2006-26 Mail Multiple Information Disclosure
  • MFSA 2006-25 Privilege escalation through Print Preview
  • MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
  • MFSA 2006-23 File stealing by changing input type
  • MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
  • MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
  • MFSA 2006-19 Cross-site scripting using .valueOf.call()
  • MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
  • MFSA 2006-17 cross-site scripting through window.controllers
  • MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
  • MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
  • MFSA 2006-14 Privilege escalation via XBL.method.eval
  • MFSA 2006-13 Downloading executables with "Save Image As..."
  • MFSA 2006-12 Secure-site spoof (requires security warning dialog)
  • MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
  • MFSA 2006-10 JavaScript garbage-collection hazard audit
  • MFSA 2006-09 Cross-site JavaScript injection using event handlers

Discovery 2006-04-13
Entry 2006-04-16
Modified 2006-04-27
firefox
< 1.0.8,1

gt 1.5.*,1 lt 1.5.0.2,1

linux-firefox
< 1.5.0.2

mozilla
< 1.7.13,2

ge 1.8.*,2

linux-mozilla
< 1.7.13

linux-mozilla-devel
gt 0

seamonkey
linux-seamonkey
< 1.0.1

thunderbird
mozilla-thunderbird
< 1.5.0.2

CVE-2006-1790
179014
252324
329500
350262
488774
736934
813230
842094
932734
935556
968814
CVE-2006-0749
CVE-2006-1045
CVE-2006-1529
CVE-2006-1530
CVE-2006-1531
CVE-2006-1723
CVE-2006-1724
CVE-2006-1725
CVE-2006-1726
CVE-2006-1727
CVE-2006-1728
CVE-2006-1729
CVE-2006-1730
CVE-2006-1731
CVE-2006-1732
CVE-2006-1733
CVE-2006-1734
CVE-2006-1735
CVE-2006-1736
CVE-2006-1737
CVE-2006-1738
CVE-2006-1739
CVE-2006-1740
CVE-2006-1741
CVE-2006-1742
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
TA06-107A
8665ebb9-2237-11da-978e-0001020eed82firefox & mozilla -- buffer overflow vulnerability

Tom Ferris reports:

A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host.

The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead.

Note: It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the What Firefox and Mozilla users should know about the IDN buffer overflow security issue web page.


Discovery 2005-09-08
Entry 2005-09-10
Modified 2005-10-26
firefox
< 1.0.6_5,1

linux-firefox
< 1.0.7

mozilla
< 1.7.11_1,2

ge 1.8.*,2 lt 1.8.b1_5,2

linux-mozilla
< 1.7.12

linux-mozilla-devel
gt 0

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

14784
573857
CVE-2005-2871
http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387
http://www.mozilla.org/security/idn.html
https://bugzilla.mozilla.org/show_bug.cgi?id=307259
http://www.mozilla.org/security/announce/mfsa2005-57.html
8d823883-0ca9-11d9-8a8a-000c41e2cdadmozilla -- built-in CA certificates may be overridden

Under some situations, Mozilla will automatically import a certificate from an email message or web site. This behavior can be used as a denial-of-service attack: if the certificate has a distinguished name (DN) identical to one of the built-in Certificate Authorities (CAs), then Mozilla will no longer be able to certify sites with certificates issued from that CA.


Discovery 2004-06-29
Entry 2004-09-22
firefox
< 0.9.3

linux-mozilla
linux-mozilla-devel
< 1.7.2

mozilla
< 1.7.2,2

ge 1.8.a,2

mozilla-gtk1
< 1.7.2

CVE-2004-0758
https://bugzilla.mozilla.org/show_bug.cgi?id=249004
160360
http://banquo.inf.ethz.ch:8080/
8f5dd74b-2c61-11da-a263-0001020eed82firefox & mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports of multiple issues:

Heap overrun in XBM image processing

jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to install or run malicious code on the user's machine.

Thunderbird does not support the XBM format and is not affected by this flaw.

Crash on "zero-width non-joiner" sequence

Mats Palmgren discovered that a reported crash on Unicode sequences with "zero-width non-joiner" characters was due to stack corruption that may be exploitable.

XMLHttpRequest header spoofing

It was possible to add illegal and malformed headers to an XMLHttpRequest. This could have been used to exploit server or proxy flaws from the user's machine, or to fool a server or proxy into thinking a single request was a stream of separate requests. The severity of this vulnerability depends on the value of servers which might be vulnerable to HTTP request smuggling and similar attacks, or which share an IP address (virtual hosting) with the attacker's page.

For users connecting to the web through a proxy this flaw could be used to bypass the same-origin restriction on XMLHttpRequests by fooling the proxy into handling a single request as multiple pipe-lined requests directed at arbitrary hosts. This could be used, for example, to read files on intranet servers behind a firewall.

Object spoofing using XBL

moz_bug_r_a4 demonstrated a DOM object spoofing bug similar to MFSA 2005-55 using an XBL control that an internal interface. The severity depends on the version of Firefox: investigation so far indicates Firefox 1.0.x releases don't expose any vulnerable functionality to interfaces spoofed in this way, but that early Deer Park Alpha 1 versions did.

XBL was changed to no longer allow unprivileged controls from web content to implement XPCOM interfaces.

JavaScript integer overflow

Georgi Guninski reported an integer overflow in the JavaScript engine. We presume this could be exploited to run arbitrary code under favorable conditions.

Privilege escalation using about: scheme

heatsync and shutdown report two different ways to bypass the restriction on loading high privileged "chrome" pages from an unprivileged "about:" page. By itself this is harmless--once the "about" page's privilege is raised the original page no longer has access--but should this be combined with a same-origin violation this could lead to arbitrary code execution.

Chrome window spoofing

moz_bug_r_a4 demonstrates a way to get a blank "chrome" canvas by opening a window from a reference to a closed window. The resulting window is not privileged, but the normal browser UI is missing and can be used to construct a spoof page without any of the safety features of the browser chrome designed to alert users to phishing sites, such as the address bar and the status bar.


Discovery 2005-09-22
Entry 2005-09-23
Modified 2005-10-26
firefox
< 1.0.7,1

linux-firefox
< 1.0.7

mozilla
< 1.7.12,2

ge 1.8.*,2

linux-mozilla
< 1.7.12

linux-mozilla-devel
gt 0

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-2701
CVE-2005-2702
CVE-2005-2703
CVE-2005-2704
CVE-2005-2705
CVE-2005-2706
CVE-2005-2707
http://www.mozilla.org/security/announce/mfsa2005-58.html
a4fd8f53-05eb-11d9-b45d-000c41e2cdadmozilla -- SOAPParameter integer overflow

zen-parse discovered and iDEFENSE reported an exploitable integer overflow in a scriptable Mozilla component `SOAPParameter':

Improper input validation to the SOAPParameter object constructor in Netscape and Mozilla allows execution of arbitrary code. The SOAPParameter object's constructor contains an integer overflow which allows controllable heap corruption. A web page can be constructed to leverage this into remote execution of arbitrary code.


Discovery 2004-08-02
Entry 2004-09-14
Modified 2004-09-22
firefox
< 0.9

linux-mozilla
linux-mozilla-devel
mozilla-gtk1
< 1.7

mozilla
< 1.7,2

netscape7
< 7.2

CVE-2004-0722
http://bugzilla.mozilla.org/show_bug.cgi?id=236618
a6427195-c2c7-11d9-89f7-02061b08fc24mozilla -- privilege escalation via non-DOM property overrides

A Mozilla Foundation Security Advisory reports:

Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41.

The Mozilla Foundation Security Advisory MFSA 2005-41 reports:

moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu.


Discovery 2005-05-11
Entry 2005-05-12
firefox
< 1.0.4,1

linux-firefox
< 1.0.4

mozilla
< 1.7.8,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.8

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

http://www.mozilla.org/security/announce/mfsa2005-44.html
a77849a5-696f-11d9-ae49-000c41e2cdadmozilla -- insecure permissions for some downloaded files

In a Mozilla bug report, Daniel Kleinsinger writes:

I was comparing treatment of attachments opened directly from emails on different platforms. I discovered that Linux builds save attachments in /tmp with world readable rights. This doesn't seem like a good thing. Couldn't someone else logged onto the same machine read your attachments?

This could expose the contents of downloaded files or email attachments to other users on a multi-user system.


Discovery 2004-07-13
Entry 2005-01-18
thunderbird
< 0.9

de-linux-mozillafirebird
el-linux-mozillafirebird
firefox
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
< 1.0.r2,1

de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
le 7.2

mozilla-gtk1
linux-mozilla
linux-mozilla-devel
< 1.7.5

mozilla
< 1.7.5,2

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

https://bugzilla.mozilla.org/show_bug.cgi?id=251297
http://marc.theaimsgroup.com/?l=full-disclosure&m=109865078103911
a7e0d783-131b-11d9-bc4a-000c41e2cdadmozilla -- users may be lured into bypassing security dialogs

According to the Mozilla project:

An attacker who could lure users into clicking in particular places, or typing specific text, could cause a security permission or software installation dialog to pop up under the user's mouse click, clicking on the grant (or install) button.


Discovery 2004-06-05
Entry 2004-09-30
thunderbird
< 0.7

de-linux-mozillafirebird
el-linux-mozillafirebird
firefox
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
< 0.9.2

de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
le 7.2

mozilla-gtk1
linux-mozilla
linux-mozilla-devel
< 1.7

mozilla
< 1.7,2

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

CVE-2004-0762
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
a81746a1-c2c7-11d9-89f7-02061b08fc24mozilla -- "Wrapped" javascript: urls bypass security checks

A Mozilla Foundation Security Advisory reports:

Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also be used to perform cross-site scripting.

Georgi Guninski demonstrated the same flaw wrapping javascript: urls with the jar: pseudo-protocol.

L. David Baron discovered a nested variant that defeated checks in the script security manager.

Workaround: Disable Javascript


Discovery 2005-05-11
Entry 2005-05-12
firefox
< 1.0.4,1

linux-firefox
< 1.0.4

mozilla
< 1.7.8,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.8

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

http://www.mozilla.org/security/announce/mfsa2005-43.html
ab9c559e-115a-11d9-bc4a-000c41e2cdadmozilla -- BMP decoder vulnerabilities

Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution.


Discovery 2004-09-13
Entry 2004-09-28
Modified 2004-09-30
thunderbird
< 0.7.3_1

de-linux-mozillafirebird
el-linux-mozillafirebird
firefox
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
linux-phoenix
phoenix
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
< 0.9.3_1

de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
le 7.2

linux-mozilla
linux-mozilla-devel
< 1.7.3

mozilla-gtk1
< 1.7.2_3

mozilla
< 1.7.2_2,2

ge 1.8.a,2 lt 1.8.a3_1,2

mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk
mozilla-gtk2
mozilla-thunderbird
linux-netscape
de-linux-netscape
fr-linux-netscape
ja-linux-netscape
ge 0

CVE-2004-0904
http://bugzilla.mozilla.org/show_bug.cgi?id=255067
TA04-261A
847200
abe47a5a-e23c-11d8-9b0a-000347a4fa7dMozilla certificate spoofing

Mozilla and Mozilla Firefox contains a flaw that may allow a malicious user to spoof SSL certification.


Discovery 2004-07-25
Entry 2004-07-30
Modified 2004-08-12
firefox
ge 0.9.1 le 0.9.2

linux-mozilla
< 1.7.2

linux-mozilla-devel
< 1.7.2

mozilla
< 1.7.2,2

ge 1.8,2 le 1.8.a2,2

mozilla-gtk1
< 1.7.2

http://www.securityfocus.com/archive/1/369953
http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory
http://secunia.com/advisories/12160
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
http://www.osvdb.org/8238
10796
CVE-2004-0763
b0911985-6e2a-11d9-9557-000a95bc6faeweb browsers -- window injection vulnerabilities

A Secunia Research advisory reports:

Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

A workaround for Mozilla-based browsers is available.


Discovery 2004-12-08
Entry 2005-01-24
Modified 2005-02-26
firefox
< 1.0.1,1

mozilla
< 1.7.6,2

linux-mozilla
linux-mozilla-devel
< 1.7.6

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
mozilla-gtk1
ge 0

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

kdebase
kdelibs
< 3.3.2

opera
opera-devel
linux-opera
< 7.54.20050131

http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
CVE-2004-1156
http://secunia.com/advisories/13129/
https://bugzilla.mozilla.org/show_bug.cgi?id=273699
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
http://mozillanews.org/?article_date=2004-12-08+06-48-46
CVE-2004-1157
http://secunia.com/advisories/13253/
CVE-2004-1158
http://secunia.com/advisories/13254/
http://www.kde.org/info/security/advisory-20041213-1.txt
CVE-2004-1160
http://secunia.com/advisories/13402/
b2e6d1d6-1339-11d9-bc4a-000c41e2cdadmozilla -- scripting vulnerabilities

Several scripting vulnerabilities were discovered and corrected in Mozilla:

CVE-2004-0905

javascript; links dragged onto another frame or page allows an attacker to steal or modify sensitive information from other sites. The user could be convinced to drag obscurred links in the context of a game or even a fake scrollbar. If the user could be convinced to drag two links in sequence into a separate window (not frame) the attacker would be able to run arbitrary programs.

CVE-2004-0908

Untrusted javascript code can read and write to the clipboard, stealing any sensitive data the user might have copied. Workaround: disable javascript

CVE-2004-0909

Signed scripts requesting enhanced abilities could construct the request in a way that led to a confusing grant dialog, possibly fooling the user into thinking the privilege requested was inconsequential while actually obtaining explicit permission to run and install software. Workaround: Never grant enhanced abilities of any kind to untrusted web pages.


Discovery 2004-09-13
Entry 2004-09-30
thunderbird
< 0.8

de-linux-mozillafirebird
el-linux-mozillafirebird
firefox
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
< 1.p

de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
le 7.2

mozilla-gtk1
linux-mozilla
linux-mozilla-devel
< 1.7.3

mozilla
< 1.7.3,2

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

CVE-2004-0905
CVE-2004-0908
CVE-2004-0909
http://bugzilla.mozilla.org/show_bug.cgi?id=250862
http://bugzilla.mozilla.org/show_bug.cgi?id=257523
http://bugzilla.mozilla.org/show_bug.cgi?id=253942
cbfde1cd-87eb-11d9-aa18-0001020eed82mozilla -- arbitrary code execution vulnerability

A Mozilla Foundation Security Advisory reports:

Plugins (such as flash) can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can open about:config in a frame, hide it with an opacity setting, and if the attacker can get the victim to click at a particular spot (design some kind of simple game) you could toggle boolean preferences, some of which would make further attacks easier.

The "firescrolling" example demonstrates arbitrary code execution (in this case downloading a file) by convincing the user to scroll twice.

Workaround: Disable JavaScript.


Discovery 2005-02-24
Entry 2005-02-26
firefox
< 1.0.1,1

mozilla
< 1.7.6,2

linux-mozilla
linux-mozilla-devel
< 1.7.6

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-0527
http://www.mikx.de/fireflashing/
http://www.mikx.de/firescrolling/
http://www.mozilla.org/security/announce/mfsa2005-27.html
d022754d-8839-11d9-aa18-0001020eed82mozilla -- insecure temporary directory vulnerability

A Mozilla Foundation Security Advisory reports:

A predictable name is used for the plugin temporary directory. A malicious local user could symlink this to the victim's home directory and wait for the victim to run Firefox. When Firefox shuts down the victim's directory would be erased.


Discovery 2005-02-06
Entry 2005-02-26
firefox
< 1.0.1,1

mozilla
< 1.7.6,2

linux-mozilla
linux-mozilla-devel
< 1.7.6

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

http://www.mozilla.org/security/announce/mfsa2005-28.html
https://bugzilla.mozilla.org/show_bug.cgi?id=281284
e190ca65-3636-11dc-a697-000c6ec775d9mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

  • MFSA 2007-25 XPCNativeWrapper pollution
  • MFSA 2007-24 Unauthorized access to wyciwyg:// documents
  • MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
  • MFSA 2007-20 Frame spoofing while window is loading
  • MFSA 2007-19 XSS using addEventListener and setTimeout
  • MFSA 2007-18 Crashes with evidence of memory corruption

Discovery 2007-07-17
Entry 2007-07-19
Modified 2008-06-21
firefox
< 2.0.0.5,1

gt 3.*,1 lt 3.0.a2_3,1

linux-firefox
linux-thunderbird
mozilla-thunderbird
thunderbird
< 2.0.0.5

seamonkey
linux-seamonkey
< 1.1.3

linux-firefox-devel
< 3.0.a2007.12.12

linux-seamonkey-devel
< 2.0.a2007.12.12

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla
gt 0

CVE-2007-3738
CVE-2007-3089
CVE-2007-3734
CVE-2007-3735
CVE-2007-3737
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
TA07-199A
e2a92664-1d60-11db-88cf-000c6ec775d9mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.

  • MFSA 2006-56 chrome: scheme loading remote content
  • MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
  • MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
  • MFSA 2006-53 UniversalBrowserRead privilege escalation
  • MFSA 2006-52 PAC privilege escalation using Function.prototype.call
  • MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
  • MFSA 2006-50 JavaScript engine vulnerabilities
  • MFSA 2006-49 Heap buffer overwrite on malformed VCard
  • MFSA 2006-48 JavaScript new Function race condition
  • MFSA 2006-47 Native DOM methods can be hijacked across domains
  • MFSA 2006-46 Memory corruption with simultaneous events
  • MFSA 2006-45 Javascript navigator Object Vulnerability
  • MFSA 2006-44 Code execution through deleted frame reference

Discovery 2006-07-25
Entry 2006-07-27
Modified 2006-11-02
firefox
< 1.5.0.5,1

gt 2.*,1 lt 2.0_1,1

linux-firefox
< 1.5.0.5

linux-firefox-devel
< 3.0.a2006.07.26

seamonkey
linux-seamonkey
< 1.0.3

thunderbird
linux-thunderbird
mozilla-thunderbird
< 1.5.0.5

mozilla
linux-mozilla
linux-mozilla-devel
gt 0

CVE-2006-3113
CVE-2006-3677
CVE-2006-3801
CVE-2006-3802
CVE-2006-3803
CVE-2006-3804
CVE-2006-3805
CVE-2006-3806
CVE-2006-3807
CVE-2006-3808
CVE-2006-3809
CVE-2006-3810
CVE-2006-3811
CVE-2006-3812
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3
http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
e6296105-449b-11db-ba89-000c6ec775d9mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

  • MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
  • MFSA 2006-63 JavaScript execution in mail via XBL
  • MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
  • MFSA 2006-61 Frame spoofing using document.open()
  • MFSA 2006-60 RSA Signature Forgery
  • MFSA 2006-59 Concurrency-related vulnerability
  • MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
  • MFSA 2006-57 JavaScript Regular Expression Heap Corruption

Discovery 2006-09-14
Entry 2006-09-15
Modified 2006-11-02
firefox
< 1.5.0.7,1

gt 2.*,1 lt 2.0_1,1

linux-firefox
< 1.5.0.7

seamonkey
linux-seamonkey
< 1.0.5

thunderbird
linux-thunderbird
mozilla-thunderbird
< 1.5.0.7

linux-firefox-devel
< 3.0.a2006.09.21

linux-seamonkey-devel
< 1.5.a2006.09.21

linux-mozilla-devel
linux-mozilla
mozilla
gt 0

20042
CVE-2006-4253
CVE-2006-4340
CVE-2006-4565
CVE-2006-4566
CVE-2006-4567
CVE-2006-4568
CVE-2006-4569
CVE-2006-4570
CVE-2006-4571
http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
e9f9d232-0cb2-11d9-8a8a-000c41e2cdadmozilla -- security icon spoofing

Under certain situations it is possible for the security icon which Mozilla displays when connected to a site using SSL to be spoofed. This could be used to make so-called "phishing attacks" more difficult to detect.


Discovery 2004-04-08
Entry 2004-09-22
firefox
< 0.9

linux-mozilla
linux-mozilla-devel
< 1.7

mozilla
< 1.7,2

mozilla-gtk1
< 1.7

CVE-2004-0761
https://bugzilla.mozilla.org/show_bug.cgi?id=240053
eca6195a-c233-11d9-804c-02061b08fc24mozilla -- code execution via javascript: IconURL vulnerability

A Mozilla Foundation Security Advisory reports:

Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

  1. The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.
  2. Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.


Discovery 2005-05-08
Entry 2005-05-11
firefox
< 1.0.4,1

linux-firefox
< 1.0.4

mozilla
< 1.7.8,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.8

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

CVE-2005-1476
CVE-2005-1477
http://www.mozilla.org/security/announce/mfsa2005-42.html
f650d5b8-ae62-11d9-a788-0001020eed82mozilla -- privilege escalation via DOM property overrides

A Mozilla Foundation Security Advisory reports:

moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code ("chrome") being overly trusting of DOM nodes from the content window. Scripts in the web page can override properties and methods of DOM nodes and shadow the native values, unless steps are taken to get the true underlying values.

We found that most extensions also interacted with content DOM in a natural, but unsafe, manner. Changes were made so that chrome code using this natural DOM coding style will now automatically use the native DOM value if it exists without having to use cumbersome wrapper objects.

Most of the specific exploits involved tricking the privileged code into calling eval() on an attacker-supplied script string, or the equivalent using the Script() object. Checks were added in the security manager to make sure eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privileges of the context calling them.

Workaround: Disable Javascript


Discovery 2005-04-15
Entry 2005-04-16
firefox
< 1.0.3,1

linux-firefox
< 1.0.3

mozilla
< 1.7.7,2

ge 1.8.*,2

linux-mozilla
linux-mozilla-devel
< 1.7.7

ge 1.8.*

netscape7
ge 0

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
ge 0

de-linux-netscape
de-netscape7
fr-linux-netscape
fr-netscape7
ja-linux-netscape
ja-netscape7
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk1
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
pt_BR-netscape7
ge 0

http://www.mozilla.org/security/announce/mfsa2005-41.html
f9e3e60b-e650-11d8-9b0a-000347a4fa7dlibpng stack-based buffer overflow and other code concerns

Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).


Discovery 2004-08-04
Entry 2004-08-04
Modified 2004-08-15
png
le 1.2.5_7

linux-png
le 1.0.14_3

ge 1.2 le 1.2.2

firefox
< 0.9.3

thunderbird
< 0.7.3

linux-mozilla
< 1.7.2

linux-mozilla-devel
< 1.7.2

mozilla
< 1.7.2,2

ge 1.8.a,2 le 1.8.a2,2

mozilla-gtk1
< 1.7.2

netscape-communicator
netscape-navigator
le 4.78

linux-netscape-communicator
linux-netscape-navigator
ko-netscape-navigator-linux
ko-netscape-communicator-linux
ja-netscape-communicator-linux
ja-netscape-navigator-linux
le 4.8

netscape7
ja-netscape7
le 7.1

pt_BR-netscape7
fr-netscape7
de-netscape7
le 7.02

http://www.securityfocus.com/archive/1/370853
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.osvdb.org/8312
http://www.osvdb.org/8313
http://www.osvdb.org/8314
http://www.osvdb.org/8315
http://www.osvdb.org/8316
CVE-2004-0597
CVE-2004-0598
CVE-2004-0599
388984
236656
160448
477512
817368
286464
http://secunia.com/advisories/12219
http://secunia.com/advisories/12232
http://bugzilla.mozilla.org/show_bug.cgi?id=251381
TA04-217A
http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt