exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2008-2785

Status Candidate

Overview

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

Related Files

Debian Linux Security Advisory 1697-1
Posted Jan 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836
SHA-256 | 5f3741463ecc48ccf8ae4ebfd405196b887e872bd1b70b5a03ec77dabc5422bc
Gentoo Linux Security Advisory 200808-3
Posted Aug 6, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-03 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.16 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1380, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933
SHA-256 | f7ccc3b43cd5bbe95a3c5751dd9add265fff6b82e81dacde4ef97e2cc742415f
Ubuntu Security Notice 626-2
Posted Aug 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 626-2 - USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.

tags | advisory, web, denial of service, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 208d9fa4ec91bae0914c869ff66a50adc922a82314b1dfa26695559e72d2bd49
Ubuntu Security Notice 626-1
Posted Jul 29, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 626-1 - Multiple vulnerabilities in Firefox and xulrunner were addressed related to denial of service and splitting issues.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933, CVE-2008-2934
SHA-256 | 9d634e80f76191cdd15b2b4e0a11ca3c4cb89114f8cae5e64178d060845cffcf
Mandriva Linux Security Advisory 2008-155
Posted Jul 28, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
SHA-256 | dbca2c291e326b6ba9c90f4a0212519e0799cfb0cfa010fc788bf50a34fa8c40
Debian Linux Security Advisory 1621-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1621-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
SHA-256 | d9e9b17ae430792b3892c2e8cc7aba7e6dc8661a98936f7ac20724829756f2a5
Mandriva Linux Security Advisory 2008-155
Posted Jul 26, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
SHA-256 | 1a1feb90c9988e61bcb518e33f6acd3b11f0f3d648503d3f2efaccfd1b4f80c9
Ubuntu Security Notice 629-1
Posted Jul 25, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 629-1 - Various flaws in the mozilla-thunderbird package have been addressed including improper handling, weaknesses, denial of service, and code execution issues.

tags | advisory, denial of service, code execution
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811
SHA-256 | 82ca639d83f57cdecdc577ad31c3dbae3194fd8e8d787de42f0f0097c3e1344d
Debian Linux Security Advisory 1615-1
Posted Jul 23, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2933
SHA-256 | 1293a230aec19d4794ad667b0743ae3a6d411870c09bf514b6c912b80f087494
Debian Linux Security Advisory 1614-1
Posted Jul 23, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1614-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 59ff1e0473a5b291feb220328e663ac8016843d8bd53f10e2bf2127d720e8f71
Mandriva Linux Security Advisory 2008-148
Posted Jul 18, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16. This update provides the latest Firefox to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 76eba6f73b6e7d2a8516126a241390c9d29ff38bdb15204ca28713e69a032f18
Zero Day Initiative Advisory 08-044
Posted Jul 17, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling reference counters to the nsCSSValue:Array class. Creating more then 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous free() while the object still exists. Properly manipulated this can result in arbitrary code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2008-2785
SHA-256 | 49b0435fa9254e135d0b6f015bfd3fa93464f303ac00234d23f8fee521f7a163
Ubuntu Security Notice 623-1
Posted Jul 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.

tags | advisory, web, denial of service, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2008-2785, CVE-2008-2933
SHA-256 | 742712b79adb44ac6f189292da21ee47a7e298cb82d206626f47d0691011053a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close