exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2012-1947

Status Candidate

Overview

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.

Related Files

Mandriva Linux Security Advisory 2012-088-1
Posted Jun 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Various other issues have also been addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
SHA-256 | 1603e02157910f2d331b08402bdd06ee196b6de4cff5207982f9aa86d63b323f
Ubuntu Security Notice USN-1463-4
Posted Jun 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441, CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | 861b51dc87677fb2e6108a42e3cff34c27ba457502d7e8c3880ae63e8d320f46
Mandriva Linux Security Advisory 2012-088
Posted Jun 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
SHA-256 | e45d0a9ecaaa6aa2057a7a0d53316462d0da0cafa4345f6f72cf7e998d9be6ec
Debian Security Advisory 2488-1
Posted Jun 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2488-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2012-1937, CVE-2012-1940, CVE-2012-1947
SHA-256 | 4d83c16259cd017c44204760d64cee515dc170bca8b651c1c965464c5ddf84cb
Debian Security Advisory 2489-1
Posted Jun 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2489-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1937, CVE-2012-1940, CVE-2012-1947
SHA-256 | 69f085e8eee306fbae80d0470ee3fb7b7cd2709170e43ebde8de65d32dbce086
Red Hat Security Advisory 2012-0715-01
Posted Jun 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | 9bf9246976f592bed20f872ed2417a507c1f7741236848f6ea9072b866a2f002
Ubuntu Security Notice USN-1463-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441, CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | a1ddfa9c7fec8efed51fe4b27376372c6d46f9f58545ac36826bbc207ecd680e
Red Hat Security Advisory 2012-0710-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0710-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | 35dacc3bc54c005099a85c967e17783210b5e078aaaf9b3bef596c8289747d29
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close