 |  |  |  |  |  |  |  |
Seek, and You Shall Find - vulnerabilities
 |
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
Multiple vulnerabilities in Mozilla products
Original release date: September 17, 2004
Last revised: --
Source: US-CERT
Systems Affected
Mozilla software, including the following:
Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
I. Description
Several vulnerabilities have been reported in the Mozilla web browser and derived products. More detailed information is available in the individual vulnerability notes:
VU#414240 - Mozilla Mail vulnerable to buffer overflow via writeGroup() function in nsVCardObj.cpp
Mozilla Mail contains a stack overflow vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. This can be exploited in the preview mode as well.
VU#847200 - Mozilla contains integer overflows in bitmap image decoder
A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system.
VU#808216 - Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system.
VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler
There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a malicious POP3 server to execute arbitrary code on the affected system.
VU#327560 - Mozilla "send page" feature contains a buffer overflow vulnerability
There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code.
VU#651928 - Mozilla allows arbitrary code execution via link dragging
A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source.
Multiple vulnerabilities in Mozilla products
Original release date: September 17, 2004
Last revised: --
Source: US-CERT
Systems Affected
Mozilla software, including the following:
- Mozilla web browser, email and newsgroup client
- Firefox web browser
- Thunderbird email client
Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
I. Description
Several vulnerabilities have been reported in the Mozilla web browser and derived products. More detailed information is available in the individual vulnerability notes:
VU#414240 - Mozilla Mail vulnerable to buffer overflow via writeGroup() function in nsVCardObj.cpp
Mozilla Mail contains a stack overflow vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. This can be exploited in the preview mode as well.
VU#847200 - Mozilla contains integer overflows in bitmap image decoder
A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system.
VU#808216 - Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system.
VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler
There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a malicious POP3 server to execute arbitrary code on the affected system.
VU#327560 - Mozilla "send page" feature contains a buffer overflow vulnerability
There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code.
VU#651928 - Mozilla allows arbitrary code execution via link dragging
A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source.
|
Similar Threads
- Guidelines before posting (DaniWeb Community Feedback)
- Finding a word from a text/html file by position of previous word (Python)
- PGP Security Features? (IT Professionals' Lounge)
- Theoretical question: poly root finding (secant method) (Computer Science)
- I want your code (C++)
- Frequency of characters entered. (C)
- searching for an answer (Community Introductions)
- Tell us about yourself! (Community Introductions)
Other Threads in the Geeks' Lounge Forum
- Previous Thread: glade to join
- Next Thread: Sending mail without knowing - being used by remote robot?
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Geeks' Lounge Posts
- Today's Posts
- Unanswered Threads
advice apple article bankruptcy bear bot chat children code cognitive_disorder comedy complaint consoles convert cracked.com design development election empty facebook feed financialcrisis fun future game games gaming google grandtheftauto halo3 happiness hardware hunting information internet kids kindle language larnyx library life linux love lynx mad madden manly marketing microsoft murder netbook neuropathology news nintendo obama odf olympics os pain parentalcontrol parenting planning playstation population ps3 ps4 python research rss school sims software sony starteam stocks study subversion survey tablet thelostanddamned time timeisonmyside. tinfoil_hat unused usarmy vapid videogames viruses walmart wave wii windows windows_wins world worldofwarcraft wow www xbox xbox360 zomg_conspiracy
