[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilities to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Jul 14 05:20:13 PDT 2010
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 206 Published: Tue, 13 Jul 2010 17:49:56 GMT
New Fixlets:
============
***************************************************************
Title: Mozilla Firefox Address Bar Spoofing Vulnerability
Severity: Medium
Fixlet ID: 824801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval8248.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1206
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox before 3.6.6 does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
***************************************************************
Title: Mozilla Firefox jstracer.cpp Memory Corruption Vulnerability
Severity: High
Fixlet ID: 831701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval8317.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1203
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.