[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: VulnerabilitiestoWindowsSystems
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Nov 13 05:20:06 PST 2009
Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 192 Published: Thu, 12 Nov 2009 18:12:43 GMT
New Fixlets:
============
***************************************************************
Title: Mozilla Firefox 3.0.x before 3.0.15 cause a denial of service in layout/base/nsCSSFrameConstructor.cpp
Severity: High
Fixlet ID: 558101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5581.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3382
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
***************************************************************
Title: Remote bypass vulnerability in content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 via the document.getSelection function
Severity: Medium
Fixlet ID: 593501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5935.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3375
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
***************************************************************
Title: Multiple vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4
Severity: High
Fixlet ID: 599601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5996.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3383
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
***************************************************************
Title: Arbitrary code execution in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 ia a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Severity: High
Fixlet ID: 634701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6347.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3372
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
***************************************************************
Title: vulnerabilities in liboggz, as used in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service
Severity: High
Fixlet ID: 637501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6375.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
***************************************************************
Title: The oggplay_data_handle_theora_frame in liboggplay in Mozilla Firefox 3.5.x before 3.5.4 to cuase denial of service
Severity: High
Fixlet ID: 644301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6443.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3378
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
***************************************************************
Title: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events
Severity: Medium
Fixlet ID: 645501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6455.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3370
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
***************************************************************
Title: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service
Severity: High
Fixlet ID: 646401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6464.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3371
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
***************************************************************
Title: Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service.
Severity: High
Fixlet ID: 649501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6495.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3381
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
***************************************************************
Title: Mozilla Firefox Floating Point Memory Allocation Vulnerability
Severity: High
Fixlet ID: 652801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6528.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1563
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows remote attackers to execute arbitrary code via a long string that triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number
***************************************************************
Title: Spoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0
Severity: High
Fixlet ID: 654101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6541.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3376
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
***************************************************************
Title: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via unspecified vectors.
Severity: High
Fixlet ID: 654801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6548.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3373
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
***************************************************************
Title: Vulnerability in the XPCVariant::VariantDataToJS function in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4
Severity: High
Fixlet ID: 656501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6565.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3374
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
***************************************************************
Title: Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 to cause a denial of service
Severity: High
Fixlet ID: 658001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6580.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3380
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
***************************************************************
Title: Vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service
Severity: High
Fixlet ID: 658201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6582.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3379
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
More information about the WinVulns-Announcements
mailing list