Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
1bc694bb7364fe045af2c603420b4ce5c13f78d79389c7548df6bc16771c9714
Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
503b3e80fd666c5b552b19fdd7eca8d7aca2731d1cbcf9e0be54a272cdad137f
Ubuntu Security Notice 943-1 - Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
5f4b9bab6b156cbfa289cb3fb4a86f53b13d222f4d6bd2c47f5c03d4c208980c
Ubuntu Security Notice 930-3 - USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
d96e955e633c21c2b944cddb9d5f07a0fd30a9997df75ae04a38e81f45a41e0c
Ubuntu Security Notice 930-2 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
2282ea869070c4f073fc68a309300eefd4fb95813150c6f42ff73d5464ec59db
Ubuntu Security Notice 930-1 - If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present.
5ba99b42ca2ade1b51a703dba5a5165bc265badbcd5ab61ee997c9e06d231033
Mandriva Linux Security Advisory 2010-126 - Multiple vulnerabilities has been found and corrected in mozilla-thunderbird.
577535c1f4fc4adabec4af9da3d89d9a8dc0f93328ba93d9d6fe46095d25bff7
Zero Day Initiative Advisory 10-063 - This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in between documents with a specific timing while triggering garbage collection. If timed correctly Firefox will incorrectly reference a previously freed object which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
9c7ad254629c79915b92c11c16f31ff0bbd4373b79057b34df63cf3e74ad91b5