From 56eea3ec526b26f799e6c8367a5882ea74d09a29 Mon Sep 17 00:00:00 2001 From: Florian Smeets Date: Tue, 21 Jun 2011 20:26:57 +0000 Subject: - document recent mozilla vulnerabilities [1] - while here also document an older samba Denial of service vulnerability [2] Security: http://www.vuxml.org/freebsd/dfe40cff-9c3f-11e0-9bec-6c626dd55a41.html [1] http://www.vuxml.org/freebsd/bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41.html [2] Requested by: timur [2] --- security/vuxml/vuln.xml | 95 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2506660a0cc3..eff790606276 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,101 @@ Note: Please add new entries to the beginning of this file. --> + + mozilla -- multiple vulnerabilities + + + firefox + 3.6.*,13.6.18,1 + 4.0.*,15.0,1 + + + linux-firefox + 3.6.18,1 + + + thunderbird + 3.1.11 + + + linux-thunderbird + 3.1.11 + + + + +

The Mozilla Project reports:

+
+

MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

+

MFSA 2011-20 Use-after-free vulnerability when viewing XUL document + with script disabled

+

MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace + images

+

MFSA 2011-22 Integer overflow and arbitrary code execution in + Array.reduceRight()

+

MFSA 2011-23 Multiple dangling pointer vulnerabilities

+

MFSA 2011-24 Cookie isolation error

+

MFSA 2011-25 Stealing of cross-domain images using WebGL textures

+

MFSA 2011-26 Multiple WebGL crashes

+

MFSA 2011-27 XSS encoding hazard with inline SVG

+

MFSA 2011-28 Non-whitelisted site can trigger xpinstall

+
+ +
+ + http://www.mozilla.org/security/announce/2011/mfsa2011-19.html + http://www.mozilla.org/security/announce/2011/mfsa2011-20.html + http://www.mozilla.org/security/announce/2011/mfsa2011-21.html + http://www.mozilla.org/security/announce/2011/mfsa2011-22.html + http://www.mozilla.org/security/announce/2011/mfsa2011-23.html + http://www.mozilla.org/security/announce/2011/mfsa2011-24.html + http://www.mozilla.org/security/announce/2011/mfsa2011-25.html + http://www.mozilla.org/security/announce/2011/mfsa2011-26.html + http://www.mozilla.org/security/announce/2011/mfsa2011-27.html + http://www.mozilla.org/security/announce/2011/mfsa2011-28.html + + + 2011-06-21 + 2011-06-21 + +
+ + + samba -- Denial of service - memory corruption + + + samba34 + 3.4.*3.4.12 + + + samba35 + 3.5.*3.5.7 + + + + +

The Samba team reports:

+
+

Samba is vulnerable to a denial of service, caused by a memory + corruption error related to missing range checks on file descriptors + being used in the "FD_SET" macro. By performing a select on a bad + file descriptor set, a remote attacker could exploit this + vulnerability to cause the application to crash or possibly execute + arbitrary code on the system

+
+ +
+ + CVE-2011-0719 + http://www.samba.org/samba/security/CVE-2011-0719.html + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719 + + + 2011-02-28 + 2011-06-21 + +
+ piwik -- remote command execution vulnerability -- cgit v1.2.3
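Review bot: In the samba entry, the topic line "samba -- Denial of service - memory corruption" understates what the quoted description in the same entry says, namely that a remote attacker could "cause the application to crash or possibly execute arbitrary code on the system". Anyone triaging from the topic alone will read this as a crash-only issue, so consider a topic that names the memory corruption and the possible code execution. The quoted paragraph also ends without a full stop after "on the system". In the mozilla entry, the references list only the ten MFSA announcement URLs, while the samba entry carries a CVE name (CVE-2011-0719) alongside its URLs. Adding the CVE names assigned to MFSA 2011-19 through 2011-28 would make the entry searchable by CVE in the same way.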