Mozilla Firefox 3.6 is prone to a use-after-free vulnerability in OBJECT mChannel that allows an attacker to execute arbitrary code.
63492638eb8f2df03de0dbf8395d34343238283febf9e9f33e6d25a0779b6e12
This Metasploit module exploits an use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT Element mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECTs data attribute. This Metasploit module uses heapspray with a minimal ROP chain to bypass DEP on Windows XP SP3.
5a6e9352732f91f5a6195ee7559b47f8ad02806dc4da4347ae745625e1ce1deb
This Metasploit module exploits an use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT Element mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECTs data attribute. This Metasploit module uses heapspray with a minimal ROP chain to bypass DEP on Windows XP SP3.
ef3c210a23b0931c66277ed381e60454ce4fd75aaa512a25b6fab13362a9a96f
Ubuntu Security Notice 1122-3 - USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Various other issues were also addressed
fcbe2acfdfc2dc9d4671f12b4fd20c3af797b24bac4bbc35088a7f1e63975b32
Debian Linux Security Advisory 2235-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
004f26951b64ddf5048affa53c3e4860e72e310acb89923d1677e2def604574d
Zero Day Initiative Advisory 11-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the OnChannelRedirect method. When an OBJECT element has no mChannel assigned, it is possible to call the |OnChannelRedirect| method, setting a nearly arbitrary object as the channel in use. |mChannel| will become a dangling pointer, allowing an attacker to execute arbitrary code under the context of the user running the browser.
baf5cb4b2ab7dca06997273264474bc5c5809fb5af3408db491c5a0a763de998
Ubuntu Security Notice 1122-2 - USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Multiple other vulnerabilities were also addressed.
ed069d3b5e33561496691a93fcacfaa216af0053b89c9815c07159b843b01c7d
Ubuntu Security Notice 1122-1 - It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Multiple other vulnerabilities were also addressed.
3003590628e9612fcefacccee2790941e0c013352e03bd3c1f72ab35dfbc7ca4
Debian Linux Security Advisory 2228-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.
078486b1e8f5b88faea2f516d6b56bfc112bf90d660d1a22609bc809f5526969
Debian Linux Security Advisory 2227-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
cd32b5302d6b4adfe7810b2d9e4975f20501c8da8a4d10b526805c5c18636305
Mandriva Linux Security Advisory 2011-079 - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. Various other issues were also addressed.
1c95ea9cdefc67e8ee438446205a5ef410e3cfc12f3fd1aea55221701e09723d
Ubuntu Security Notice 1123-1 - A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
107e7026a0d71242cee52a86cd3fd92ca9fb2ae7bce238e4916c6c3fc152ee22
Ubuntu Security Notice 1112-1 - Multiple vulnerabilities have been identified and fixed in Firefox. It was discovered that there was a vulnerability in the memory handling of certain types of content. It was discovered that Firefox incorrectly handled certain JavaScript requests. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. Various other issues were also addressed.
11059296a4b90b8dea1f0da2aba7f9a9c45481614b445a52cac0efc190a17503