exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2010-2753

Status Candidate

Overview

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.

Related Files

Mandriva Linux Security Advisory 2010-169
Posted Sep 3, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.

tags | advisory, remote, web, vulnerability
systems | linux, mandriva
advisories | CVE-2010-2754, CVE-2010-0654, CVE-2010-1213, CVE-2010-2753, CVE-2010-1211
SHA-256 | 45f0606cdf50c63612fe075a15b23fbeb663ddfc86721985a414ed37a510c2dd
Debian Linux Security Advisory 2075-1
Posted Jul 28, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2010-0182, CVE-2010-0654, CVE-2010-1205, CVE-2010-1208, CVE-2010-1211, CVE-2010-1214, CVE-2010-2751, CVE-2010-2753, CVE-2010-2754
SHA-256 | 092cd6fcae7be8a7336bf071b7e24a49ce0e54b973c54ce339cf692b2a748f70
Ubuntu Security Notice 958-1
Posted Jul 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output.

tags | advisory, web, overflow
systems | linux, ubuntu
advisories | CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
SHA-256 | 5419ae4fb245c6c535395ea9b94b38b179ed987669180fa8c3c08cbbe2746990
Ubuntu Security Notice 957-1
Posted Jul 23, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
SHA-256 | 102cde32fa8d891e54788fea852e8b6a825b5afe8a3b7b8afa40b6db0cea7fcf
Zero Day Initiative Advisory 10-131
Posted Jul 21, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL <tree> element's "selection" attribute. There is an integer overflow when calculating the bounds of a new selection range. When calling adjustSelection on this manged range both ranges are deleted leaving a dangling reference. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-2753
SHA-256 | 010284d7af17bbb1cb31c4f81196ce20998a307bacdd100723e6a9f36e76bf1c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close