This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-09-15 18:04:00 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
ab9c559e-115a-11d9-bc4a-000c41e2cdad | mozilla -- BMP decoder vulnerabilities Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution. Discovery 2004-09-13 Entry 2004-09-28 Modified 2004-09-30 thunderbird < 0.7.3_1 de-linux-mozillafirebird el-linux-mozillafirebird firefox ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird linux-phoenix phoenix ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird < 0.9.3_1 de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 <= 7.2 linux-mozilla linux-mozilla-devel < 1.7.3 mozilla-gtk1 < 1.7.2_3 mozilla < 1.7.2_2,2 >= 1.8.a,2 lt 1.8.a3_1,2 mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk mozilla-gtk2 mozilla-thunderbird linux-netscape de-linux-netscape fr-linux-netscape ja-linux-netscape >= 0 CVE-2004-0904 http://bugzilla.mozilla.org/show_bug.cgi?id=255067 TA04-261A 847200 |
d022754d-8839-11d9-aa18-0001020eed82 | mozilla -- insecure temporary directory vulnerability A Mozilla Foundation Security Advisory reports:
Discovery 2005-02-06 Entry 2005-02-26 firefox < 1.0.1,1 mozilla < 1.7.6,2 linux-mozilla linux-mozilla-devel < 1.7.6 netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 http://www.mozilla.org/security/announce/mfsa2005-28.html https://bugzilla.mozilla.org/show_bug.cgi?id=281284 |
730db824-e216-11d8-9b0a-000347a4fa7d | Mozilla / Firefox user interface spoofing vulnerability The Mozilla project's family of browsers contains a design flaw that can allow a website to spoof almost perfectly any part of the Mozilla user interface, including spoofing web sites for phishing or internal elements such as the "Master Password" dialog box. This is achieved by manipulating "chrome" through remote XUL content. Recent versions of Mozilla have been fixed to not allow untrusted documents to utilize "chrome" in this way. Discovery 2004-07-19 Entry 2004-07-30 Modified 2004-08-15 firefox <= 0.9.1_1 linux-mozilla <= 1.7.1 linux-mozilla-devel <= 1.7.1 mozilla <= 1.7.1,2 >= 1.8.a,2 le 1.8.a2,2 mozilla-gtk1 <= 1.7.1_1 CVE-2004-0764 http://bugzilla.mozilla.org/show_bug.cgi?id=22183 http://bugzilla.mozilla.org/show_bug.cgi?id=244965 http://bugzilla.mozilla.org/show_bug.cgi?id=252198 http://www.nd.edu/~jsmith30/xul/test/spoof.html http://secunia.com/advisories/12188 10832 |
5360a659-131c-11d9-bc4a-000c41e2cdad | mozilla -- hostname spoofing bug When processing URIs that contain an unqualified host name-- specifically, a domain name of only one component-- Mozilla will perform matching against the first component of the domain name in SSL certificates. In other words, in some situations, a certificate issued to "www.example.com" will be accepted as matching "www". Discovery 2004-02-12 Entry 2004-09-30 thunderbird < 0.7 de-linux-mozillafirebird el-linux-mozillafirebird firefox ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird < 0.9.2 de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 <= 7.2 mozilla-gtk1 linux-mozilla linux-mozilla-devel < 1.7 mozilla < 1.7,2 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix >= 0 CVE-2004-0765 http://bugzilla.mozilla.org/show_bug.cgi?id=234058 |
cbfde1cd-87eb-11d9-aa18-0001020eed82 | mozilla -- arbitrary code execution vulnerability A Mozilla Foundation Security Advisory reports:
Workaround: Disable JavaScript. Discovery 2005-02-24 Entry 2005-02-26 firefox < 1.0.1,1 mozilla < 1.7.6,2 linux-mozilla linux-mozilla-devel < 1.7.6 netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-0527 http://www.mikx.de/fireflashing/ http://www.mikx.de/firescrolling/ http://www.mozilla.org/security/announce/mfsa2005-27.html |
a6427195-c2c7-11d9-89f7-02061b08fc24 | mozilla -- privilege escalation via non-DOM property overrides A Mozilla Foundation Security Advisory reports:
The Mozilla Foundation Security Advisory MFSA 2005-41 reports:
Discovery 2005-05-11 Entry 2005-05-12 firefox < 1.0.4,1 linux-firefox < 1.0.4 mozilla < 1.7.8,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.8 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 http://www.mozilla.org/security/announce/mfsa2005-44.html |
12bd6ecf-c430-11db-95c5-000c6ec775d9 | mozilla -- multiple vulnerabilities The Mozilla Foundation reports multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.
Discovery 2007-02-23 Entry 2007-02-24 Modified 2007-04-19 firefox < 1.5.0.10,1 > 2.*,1 lt 2.0.0.2,1 linux-firefox < 1.5.0.10 lightning < 0.3.1 seamonkey linux-seamonkey < 1.0.8 >= 1.1 lt 1.1.1 thunderbird linux-thunderbird mozilla-thunderbird < 1.5.0.10 linux-firefox-devel < 3.0.a2007.04.18 linux-seamonkey-devel < 1.5.a2007.04.18 firefox-ja linux-mozilla-devel linux-mozilla mozilla > 0 CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0776 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-1092 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.mozilla.org/security/announce/2007/mfsa2007-03.html http://www.mozilla.org/security/announce/2007/mfsa2007-04.html http://www.mozilla.org/security/announce/2007/mfsa2007-05.html http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.mozilla.org/security/announce/2007/mfsa2007-07.html http://www.mozilla.org/security/announce/2007/mfsa2007-08.html |
abe47a5a-e23c-11d8-9b0a-000347a4fa7d | Mozilla certificate spoofing Mozilla and Mozilla Firefox contain a flaw that may allow a malicious user to spoof SSL certification. Discovery 2004-07-25 Entry 2004-07-30 Modified 2004-08-12 firefox >= 0.9.1 le 0.9.2 linux-mozilla < 1.7.2 linux-mozilla-devel < 1.7.2 mozilla < 1.7.2,2 >= 1.8,2 le 1.8.a2,2 mozilla-gtk1 < 1.7.2 http://www.securityfocus.com/archive/1/369953 http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory http://secunia.com/advisories/12160 http://bugzilla.mozilla.org/show_bug.cgi?id=253121 http://www.osvdb.org/8238 10796 CVE-2004-0763 |
e6296105-449b-11db-ba89-000c6ec775d9 | mozilla -- multiple vulnerabilities The Mozilla Foundation reports multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.
Discovery 2006-09-14 Entry 2006-09-15 Modified 2006-11-02 firefox < 1.5.0.7,1 > 2.*,1 lt 2.0_1,1 linux-firefox < 1.5.0.7 seamonkey linux-seamonkey < 1.0.5 thunderbird linux-thunderbird mozilla-thunderbird < 1.5.0.7 linux-firefox-devel < 3.0.a2006.09.21 linux-seamonkey-devel < 1.5.a2006.09.21 linux-mozilla-devel linux-mozilla mozilla > 0 20042 CVE-2006-4253 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4570 CVE-2006-4571 http://www.mozilla.org/security/announce/2006/mfsa2006-57.html http://www.mozilla.org/security/announce/2006/mfsa2006-58.html http://www.mozilla.org/security/announce/2006/mfsa2006-59.html http://www.mozilla.org/security/announce/2006/mfsa2006-60.html http://www.mozilla.org/security/announce/2006/mfsa2006-61.html http://www.mozilla.org/security/announce/2006/mfsa2006-62.html http://www.mozilla.org/security/announce/2006/mfsa2006-63.html http://www.mozilla.org/security/announce/2006/mfsa2006-64.html |
641859e8-eca1-11d8-b913-000c41e2cdad | Multiple browser frame injection vulnerability A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:
A KDE Security Advisory reports:
Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/. Discovery 2004-08-11 Entry 2004-08-12 Modified 2004-09-14 kdelibs < 3.2.3_3 kdebase < 3.2.3_1 linux-opera opera >= 7.50 lt 7.52 firefox < 0.9 linux-mozilla linux-mozilla-devel mozilla-gtk1 < 1.7 mozilla < 1.7,2 netscape7 < 7.2 CVE-2004-0717 CVE-2004-0718 CVE-2004-0721 http://secunia.com/advisories/11978/ http://bugzilla.mozilla.org/show_bug.cgi?id=246448 ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch |
a7e0d783-131b-11d9-bc4a-000c41e2cdad | mozilla -- users may be lured into bypassing security dialogs According to the Mozilla project:
Discovery 2004-06-05 Entry 2004-09-30 thunderbird < 0.7 de-linux-mozillafirebird el-linux-mozillafirebird firefox ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird < 0.9.2 de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 <= 7.2 mozilla-gtk1 linux-mozilla linux-mozilla-devel < 1.7 mozilla < 1.7,2 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix >= 0 CVE-2004-0762 http://bugzilla.mozilla.org/show_bug.cgi?id=162020 |
b0911985-6e2a-11d9-9557-000a95bc6fae | web browsers -- window injection vulnerabilities A Secunia Research advisory reports:
A workaround for Mozilla-based browsers is available. Discovery 2004-12-08 Entry 2005-01-24 Modified 2005-02-26 firefox < 1.0.1,1 mozilla < 1.7.6,2 linux-mozilla linux-mozilla-devel < 1.7.6 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 mozilla-gtk1 >= 0 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix >= 0 kdebase kdelibs < 3.3.2 opera opera-devel linux-opera < 7.54.20050131 http://secunia.com/secunia_research/2004-13/advisory/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ CVE-2004-1156 http://secunia.com/advisories/13129/ https://bugzilla.mozilla.org/show_bug.cgi?id=273699 https://bugzilla.mozilla.org/show_bug.cgi?id=103638 http://mozillanews.org/?article_date=2004-12-08+06-48-46 CVE-2004-1157 http://secunia.com/advisories/13253/ CVE-2004-1158 http://secunia.com/advisories/13254/ http://www.kde.org/info/security/advisory-20041213-1.txt CVE-2004-1160 http://secunia.com/advisories/13402/ |
a81746a1-c2c7-11d9-89f7-02061b08fc24 | mozilla -- "Wrapped" javascript: urls bypass security checks A Mozilla Foundation Security Advisory reports:
Discovery 2005-05-11 Entry 2005-05-12 firefox < 1.0.4,1 linux-firefox < 1.0.4 mozilla < 1.7.8,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.8 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 http://www.mozilla.org/security/announce/mfsa2005-43.html |
b2e6d1d6-1339-11d9-bc4a-000c41e2cdad | mozilla -- scripting vulnerabilities Several scripting vulnerabilities were discovered and corrected in Mozilla:
Discovery 2004-09-13 Entry 2004-09-30 thunderbird < 0.8 de-linux-mozillafirebird el-linux-mozillafirebird firefox ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird < 1.p de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 <= 7.2 mozilla-gtk1 linux-mozilla linux-mozilla-devel < 1.7.3 mozilla < 1.7.3,2 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix >= 0 CVE-2004-0905 CVE-2004-0908 CVE-2004-0909 http://bugzilla.mozilla.org/show_bug.cgi?id=250862 http://bugzilla.mozilla.org/show_bug.cgi?id=257523 http://bugzilla.mozilla.org/show_bug.cgi?id=253942 |
a77849a5-696f-11d9-ae49-000c41e2cdad | mozilla -- insecure permissions for some downloaded files In a Mozilla bug report, Daniel Kleinsinger writes:
This could expose the contents of downloaded files or email attachments to other users on a multi-user system. Discovery 2004-07-13 Entry 2005-01-18 thunderbird < 0.9 de-linux-mozillafirebird el-linux-mozillafirebird firefox ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird < 1.0.r2,1 de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 <= 7.2 mozilla-gtk1 linux-mozilla linux-mozilla-devel < 1.7.5 mozilla < 1.7.5,2 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix >= 0 https://bugzilla.mozilla.org/show_bug.cgi?id=251297 http://marc.theaimsgroup.com/?l=full-disclosure&m=109865078103911 |
8f5dd74b-2c61-11da-a263-0001020eed82 | firefox & mozilla -- multiple vulnerabilities A Mozilla Foundation Security Advisory reports multiple issues:
Discovery 2005-09-22 Entry 2005-09-23 Modified 2005-10-26 firefox < 1.0.7,1 linux-firefox < 1.0.7 mozilla < 1.7.12,2 >= 1.8.*,2 linux-mozilla < 1.7.12 linux-mozilla-devel > 0 netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 http://www.mozilla.org/security/announce/mfsa2005-58.html |
3fbf9db2-658b-11d9-abad-000a95bc6fae | mozilla -- heap overflow in NNTP handler Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers:
Discovery 2004-12-29 Entry 2005-01-13 de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 > 0 mozilla-gtk1 linux-mozilla linux-mozilla-devel < 1.7.5 mozilla < 1.7.5,2 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape mozilla+ipv6 mozilla-embedded mozilla-gtk2 mozilla-gtk >= 0 CVE-2004-1316 http://isec.pl/vulnerabilities/isec-0020-mozilla.txt http://marc.theaimsgroup.com/?l=bugtraq&m=110436284718949 |
3ce8c7e2-66cf-11dc-b25f-02e0185f8d72 | mozilla -- code execution via Quicktime media-link files The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the user's context. Discovery 2007-09-18 Entry 2007-09-19 Modified 2007-12-14 firefox < 2.0.0.7,1 linux-firefox < 2.0.0.7 seamonkey linux-seamonkey < 1.1.5 linux-firefox-devel < 3.0.a2007.12.12 linux-seamonkey-devel < 2.0.a2007.12.12 firefox-ja linux-mozilla-devel linux-mozilla mozilla > 0 CVE-2006-4965 http://www.mozilla.org/security/announce/2007/mfsa2007-28.html |
a4fd8f53-05eb-11d9-b45d-000c41e2cdad | mozilla -- SOAPParameter integer overflow zen-parse discovered and iDEFENSE reported an exploitable integer overflow in a scriptable Mozilla component `SOAPParameter':
Discovery 2004-08-02 Entry 2004-09-14 Modified 2004-09-22 firefox < 0.9 linux-mozilla linux-mozilla-devel mozilla-gtk1 < 1.7 mozilla < 1.7,2 netscape7 < 7.2 CVE-2004-0722 http://bugzilla.mozilla.org/show_bug.cgi?id=236618 |
eca6195a-c233-11d9-804c-02061b08fc24 | mozilla -- code execution via javascript: IconURL vulnerability A Mozilla Foundation Security Advisory reports:
Discovery 2005-05-08 Entry 2005-05-11 firefox < 1.0.4,1 linux-firefox < 1.0.4 mozilla < 1.7.8,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.8 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-1476 CVE-2005-1477 http://www.mozilla.org/security/announce/mfsa2005-42.html |
e190ca65-3636-11dc-a697-000c6ec775d9 | mozilla -- multiple vulnerabilities The Mozilla Foundation reports multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.
Discovery 2007-07-17 Entry 2007-07-19 Modified 2008-06-21 firefox < 2.0.0.5,1 > 3.*,1 lt 3.0.a2_3,1 linux-firefox linux-thunderbird mozilla-thunderbird thunderbird < 2.0.0.5 seamonkey linux-seamonkey < 1.1.3 linux-firefox-devel < 3.0.a2007.12.12 linux-seamonkey-devel < 2.0.a2007.12.12 firefox-ja linux-mozilla-devel linux-mozilla mozilla > 0 CVE-2007-3738 CVE-2007-3089 CVE-2007-3734 CVE-2007-3735 CVE-2007-3737 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5 http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-24.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html TA07-199A |
8665ebb9-2237-11da-978e-0001020eed82 | firefox & mozilla -- buffer overflow vulnerability Tom Ferris reports:
Note: It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the What Firefox and Mozilla users should know about the IDN buffer overflow security issue web page. Discovery 2005-09-08 Entry 2005-09-10 Modified 2005-10-26 firefox < 1.0.6_5,1 linux-firefox < 1.0.7 mozilla < 1.7.11_1,2 >= 1.8.*,2 lt 1.8.b1_5,2 linux-mozilla < 1.7.12 linux-mozilla-devel > 0 netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 14784 573857 CVE-2005-2871 http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387 http://www.mozilla.org/security/idn.html https://bugzilla.mozilla.org/show_bug.cgi?id=307259 http://www.mozilla.org/security/announce/mfsa2005-57.html |
e2a92664-1d60-11db-88cf-000c6ec775d9 | mozilla -- multiple vulnerabilities A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program.
Discovery 2006-07-25 Entry 2006-07-27 Modified 2006-11-02 firefox < 1.5.0.5,1 > 2.*,1 lt 2.0_1,1 linux-firefox < 1.5.0.5 linux-firefox-devel < 3.0.a2006.07.26 seamonkey linux-seamonkey < 1.0.3 thunderbird linux-thunderbird mozilla-thunderbird < 1.5.0.5 mozilla linux-mozilla linux-mozilla-devel > 0 CVE-2006-3113 CVE-2006-3677 CVE-2006-3801 CVE-2006-3802 CVE-2006-3803 CVE-2006-3804 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810 CVE-2006-3811 CVE-2006-3812 http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey1.0.3 http://www.mozilla.org/security/announce/2006/mfsa2006-44.html http://www.mozilla.org/security/announce/2006/mfsa2006-45.html http://www.mozilla.org/security/announce/2006/mfsa2006-46.html http://www.mozilla.org/security/announce/2006/mfsa2006-47.html http://www.mozilla.org/security/announce/2006/mfsa2006-48.html http://www.mozilla.org/security/announce/2006/mfsa2006-49.html http://www.mozilla.org/security/announce/2006/mfsa2006-50.html http://www.mozilla.org/security/announce/2006/mfsa2006-51.html http://www.mozilla.org/security/announce/2006/mfsa2006-52.html http://www.mozilla.org/security/announce/2006/mfsa2006-53.html http://www.mozilla.org/security/announce/2006/mfsa2006-54.html http://www.mozilla.org/security/announce/2006/mfsa2006-55.html http://www.mozilla.org/security/announce/2006/mfsa2006-56.html |
f650d5b8-ae62-11d9-a788-0001020eed82 | mozilla -- privilege escalation via DOM property overrides A Mozilla Foundation Security Advisory reports:
Discovery 2005-04-15 Entry 2005-04-16 firefox < 1.0.3,1 linux-firefox < 1.0.3 mozilla < 1.7.7,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.7 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 http://www.mozilla.org/security/announce/mfsa2005-41.html |
2e28cefb-2aee-11da-a263-0001020eed82 | firefox & mozilla -- command line URL shell command injection A Secunia Advisory reports:
Discovery 2005-09-06 Entry 2005-09-22 Modified 2005-10-26 firefox < 1.0.7,1 linux-firefox < 1.0.7 mozilla < 1.7.12,2 >= 1.8.*,2 linux-mozilla < 1.7.12 linux-mozilla-devel > 0 netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-2968 https://bugzilla.mozilla.org/show_bug.cgi?id=307185 http://secunia.com/advisories/16869/ http://www.mozilla.org/security/announce/mfsa2005-59.html |
8d823883-0ca9-11d9-8a8a-000c41e2cdad | mozilla -- built-in CA certificates may be overridden Under some situations, Mozilla will automatically import a certificate from an email message or web site. This behavior can be used as a denial-of-service attack: if the certificate has a distinguished name (DN) identical to one of the built-in Certificate Authorities (CAs), then Mozilla will no longer be able to certify sites with certificates issued from that CA. Discovery 2004-06-29 Entry 2004-09-22 firefox < 0.9.3 linux-mozilla linux-mozilla-devel < 1.7.2 mozilla < 1.7.2,2 >= 1.8.a,2 mozilla-gtk1 < 1.7.2 CVE-2004-0758 https://bugzilla.mozilla.org/show_bug.cgi?id=249004 160360 http://banquo.inf.ethz.ch:8080/ |
1989b511-ae62-11d9-a788-0001020eed82 | mozilla -- code execution through javascript: favicons A Mozilla Foundation Security Advisory reports:
Discovery 2005-04-12 Entry 2005-04-16 firefox < 1.0.3,1 linux-firefox < 1.0.3 mozilla < 1.7.7,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.7 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 http://www.mozilla.org/security/announce/mfsa2005-37.html |
f9e3e60b-e650-11d8-9b0a-000347a4fa7d | libpng stack-based buffer overflow and other code concerns Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service). Discovery 2004-08-04 Entry 2004-08-04 Modified 2004-08-15 png <= 1.2.5_7 linux-png <= 1.0.14_3 >= 1.2 le 1.2.2 firefox < 0.9.3 thunderbird < 0.7.3 linux-mozilla < 1.7.2 linux-mozilla-devel < 1.7.2 mozilla < 1.7.2,2 >= 1.8.a,2 le 1.8.a2,2 mozilla-gtk1 < 1.7.2 netscape-communicator netscape-navigator <= 4.78 linux-netscape-communicator linux-netscape-navigator ko-netscape-navigator-linux ko-netscape-communicator-linux ja-netscape-communicator-linux ja-netscape-navigator-linux <= 4.8 netscape7 ja-netscape7 <= 7.1 pt_BR-netscape7 fr-netscape7 de-netscape7 <= 7.02 http://www.securityfocus.com/archive/1/370853 http://scary.beasts.org/security/CESA-2004-001.txt http://www.osvdb.org/8312 http://www.osvdb.org/8313 http://www.osvdb.org/8314 http://www.osvdb.org/8315 http://www.osvdb.org/8316 CVE-2004-0597 CVE-2004-0598 CVE-2004-0599 388984 236656 160448 477512 817368 286464 http://secunia.com/advisories/12219 http://secunia.com/advisories/12232 http://bugzilla.mozilla.org/show_bug.cgi?id=251381 TA04-217A http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt |
7c188c55-0cb0-11d9-8a8a-000c41e2cdad | mozilla -- NULL bytes in FTP URLs When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of Javascript when viewing plain text or other file types via FTP. Discovery 2004-07-11 Entry 2004-09-22 Modified 2004-09-24 firefox < 0.9.3 linux-mozilla linux-mozilla-devel < 1.7.2 mozilla < 1.7.2,2 >= 1.8.a,2 mozilla-gtk1 < 1.7.2 CVE-2004-0760 http://bugzilla.mozilla.org/show_bug.cgi?id=250906 |
45b75152-ae5f-11d9-a788-0001020eed82 | mozilla -- javascript "lambda" replace exposes memory contents A Mozilla Foundation Security Advisory reports:
Discovery 2005-04-01 Entry 2005-04-16 firefox < 1.0.3,1 linux-firefox < 1.0.3 mozilla < 1.7.7,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.7 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-0989 http://www.mozilla.org/security/announce/mfsa2005-33.html https://bugzilla.mozilla.org/show_bug.cgi?id=288688 |
5d72701a-f601-11d9-bcd1-02061b08fc24 | firefox & mozilla -- multiple vulnerabilities The Mozilla Foundation reports multiple security vulnerabilities in Firefox and Mozilla:
Discovery 2005-07-12 Entry 2005-07-16 firefox < 1.0.5,1 linux-firefox < 1.0.5 mozilla < 1.7.9,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.9 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 http://www.mozilla.org/projects/security/known-vulnerabilities.html http://www.mozilla.org/security/announce/mfsa2005-45.html http://www.mozilla.org/security/announce/mfsa2005-46.html http://www.mozilla.org/security/announce/mfsa2005-47.html http://www.mozilla.org/security/announce/mfsa2005-48.html http://www.mozilla.org/security/announce/mfsa2005-49.html http://www.mozilla.org/security/announce/mfsa2005-50.html http://www.mozilla.org/security/announce/mfsa2005-51.html http://www.mozilla.org/security/announce/mfsa2005-52.html http://www.mozilla.org/security/announce/mfsa2005-53.html http://www.mozilla.org/security/announce/mfsa2005-54.html http://www.mozilla.org/security/announce/mfsa2005-55.html http://www.mozilla.org/security/announce/mfsa2005-56.html |
e9f9d232-0cb2-11d9-8a8a-000c41e2cdad | mozilla -- security icon spoofing Under certain situations it is possible for the security icon which Mozilla displays when connected to a site using SSL to be spoofed. This could be used to make so-called "phishing attacks" more difficult to detect. Discovery 2004-04-08 Entry 2004-09-22 firefox < 0.9 linux-mozilla linux-mozilla-devel < 1.7 mozilla < 1.7,2 mozilla-gtk1 < 1.7 CVE-2004-0761 https://bugzilla.mozilla.org/show_bug.cgi?id=240053 |
7d2aac52-9c6b-11d9-99a7-000a95bc6fae | mozilla -- heap buffer overflow in GIF image processing A Mozilla Foundation Security Advisory states:
Discovery 2005-03-10 Entry 2005-03-24 firefox < 1.0.2,1 thunderbird linux-firefox < 1.0.2 mozilla < 1.7.6,2 >= 1.8.*,2 linux-mozilla linux-mozilla-devel < 1.7.6 >= 1.8.* netscape7 >= 0 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird >= 0 de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7 >= 0 CVE-2005-0399 http://www.mozilla.org/security/announce/mfsa2005-30.html http://xforce.iss.net/xforce/alerts/id/191 https://bugzilla.mozilla.org/show_bug.cgi?id=285595 |
84630f4a-cd8c-11da-b7b9-000c6ec775d9 | mozilla -- multiple vulnerabilities A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program.
Discovery 2006-04-13 Entry 2006-04-16 Modified 2006-04-27 firefox < 1.0.8,1 > 1.5.*,1 lt 1.5.0.2,1 linux-firefox < 1.5.0.2 mozilla < 1.7.13,2 >= 1.8.*,2 linux-mozilla < 1.7.13 linux-mozilla-devel > 0 seamonkey linux-seamonkey < 1.0.1 thunderbird mozilla-thunderbird < 1.5.0.2 CVE-2006-1790 179014 252324 329500 350262 488774 736934 813230 842094 932734 935556 968814 CVE-2006-0749 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723 CVE-2006-1724 CVE-2006-1725 CVE-2006-1726 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742 http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.mozilla.org/security/announce/2006/mfsa2006-18.html http://www.mozilla.org/security/announce/2006/mfsa2006-19.html http://www.mozilla.org/security/announce/2006/mfsa2006-20.html http://www.mozilla.org/security/announce/2006/mfsa2006-22.html http://www.mozilla.org/security/announce/2006/mfsa2006-23.html http://www.mozilla.org/security/announce/2006/mfsa2006-25.html http://www.mozilla.org/security/announce/2006/mfsa2006-26.html http://www.mozilla.org/security/announce/2006/mfsa2006-28.html http://www.mozilla.org/security/announce/2006/mfsa2006-29.html http://www.zerodayinitiative.com/advisories/ZDI-06-010.html TA06-107A |