Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.
Computer Hope forum e-mail issues and down time
0 Members and 1 Guest are viewing this topic.
Mozilla Firefox Multiple VulnerabilitiesSECUNIA ADVISORY ID:SA33799VERIFY ADVISORY:http://secunia.com/advisories/33799/CRITICAL:Highly criticalIMPACT:Security Bypass, Cross Site Scripting, Exposure of systeminformation, Exposure of sensitive information, System accessWHERE:>From remoteSOFTWARE:Mozilla Firefox 3.xhttp://secunia.com/advisories/product/19089/DESCRIPTION:Some vulnerabilities have been reported in Mozilla Firefox, which canbe exploited by malicious, local users to potentially disclosesensitive information, and by malicious people to conduct cross-sitescripting attacks, bypass certain security restrictions, disclosesensitive information, or potentially to compromise a user's system.1) Multiple errors in the layout engine can be exploited to causememory corruptions and potentially execute arbitrary code.2) Multiple errors in the Javascript engine can be exploited to causememory corruptions and potentially execute arbitrary code.3) A chrome XBL method can be used in combination with "window.eval"to execute arbitrary Javascript code in the context of another website4) An error when restoring a closed tab can be exploited to modify aninput control's text value, which allows e.g. to disclose the contentof a local file when a user re-opens a tab.5) An error in the processing of shortcut files can be exploited toexecute arbitrary script code with chrome privileges e.g. via an HTMLfile that loads a privileged chrome document via a .desktop shortcutfile.This is related to:SA321926) A security issue is caused due to cookies marked "HTTPOnly" beingreadable by Javascript via the "XMLHttpRequest.getResponseHeader" and"XMLHttpRequest.getAllResponseHeaders" APIs.7) A security issue is caused due to Firefox ignoring certain HTTPdirectives to not cache web pages ("Cache-Control: no-store" and"Cache-Control: no-cache" for HTTPS pages), which can be exploited todisclose potentially sensitive information via cached pages.SOLUTION:Update to version 3.0.6.
Mozilla SeaMonkey Multiple VulnerabilitiesSECUNIA ADVISORY ID:SA33808VERIFY ADVISORY:http://secunia.com/advisories/33808/CRITICAL:Highly criticalIMPACT:DoS, System access, Security BypassWHERE:>From remoteSOFTWARE:Mozilla SeaMonkey 1.1.xhttp://secunia.com/advisories/product/14383/DESCRIPTION:Some vulnerabilities have been reported in Mozilla SeaMonkey, whichcan be exploited by malicious people to bypass certain securityrestrictions or potentially to compromise a user's system.For more information see vulnerabilities #1, #2, #5, and #6 in:SA33799SOLUTION:The vendor recommends to disable Javascript until a fixed version isavailable.
Mozilla Thunderbird Memory Corruption VulnerabilitiesSECUNIA ADVISORY ID:SA33802VERIFY ADVISORY:http://secunia.com/advisories/33802/CRITICAL:Highly criticalIMPACT:DoS, System accessWHERE:>From remoteSOFTWARE:Mozilla Thunderbird 2.xhttp://secunia.com/advisories/product/14070/DESCRIPTION:Some vulnerabilities have been reported in Mozilla Thunderbird, whichcan potentially be exploited by malicious people to compromise auser's system.For more information see vulnerabilities #1 and #2 in:SA33799The vulnerabilities are reported in versions prior to 2.0.0.21.SOLUTION:The vulnerabilities will be fixed in an upcoming version 2.0.0.21.The vendor recommends to disable Javascript until an update isavailable.
Author
Topic: Firefox, SeaMonkey, Thunderbird vulnerabilities - all highly critical! (Read 4996 times)
