[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Aug 4 05:20:11 PDT 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 209 Published: Tue, 03 Aug 2010 18:41:44 GMT
New Fixlets:
============
***************************************************************
Title: Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 1095801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval10958.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2753
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox and SeaMonkey 'NodeIterator' Use-after-free Vulnerability
Severity: High
Fixlet ID: 1105501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11055.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1209
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox and Thunderbird Arbitrary code execution using SJOW and fast native function
Severity: Medium
Fixlet ID: 1152701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11527.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1215
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1155201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11552.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1211
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
Severity: High
Fixlet ID: 1168001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11680.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2752
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Apache 'mod_cache' and 'mod_dav' Request Handling Denial of Service Vulnerability
Severity: Medium
Fixlet ID: 1168301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11683.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1452
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
***************************************************************
Title: Mozilla Firefox and SeaMonkey Plugin Parameter 'EnsureCachedAttrParamArrays' Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 1168501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11685.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1214
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox and SeaMonkey Location Bar Spoofing Vulnerability
Severity: Low
Fixlet ID: 1168801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11688.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2751
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox and SeaMonkey DOM Attribute Cloning Remote Code Execution Vulnerability
Severity: High
Fixlet ID: 1174001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11740.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1208
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messages
Severity: Medium
Fixlet ID: 1177001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11770.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2754
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
***************************************************************
Title: Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability
Severity: High
Fixlet ID: 1177101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11771.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1212
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox/Thunderbird/SeaMonkey Cross-origin data disclosure via Web Workers and importScripts
Severity: Medium
Fixlet ID: 1183501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11835.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1213
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox and Thunderbird Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
Severity: Medium
Fixlet ID: 1186301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11863.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1210
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Mozilla Firefox and Thunderbird Same-origin Bypass Using Canvas Context Vulnerability
Severity: Medium
Fixlet ID: 1188701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval11887.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1207
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
More information about the WinVulns-Announcements
mailing list