[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Feb 1 05:21:25 PST 2013


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 329	Published: Thu, 31 Jan 2013 19:27:23 GMT

New Fixlets:
============

***************************************************************
Title: Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56
Severity: High
Fixlet ID: 1600001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16000.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0841
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: Use-after-free vulnerability in Google Chrome before 24.0.1312.56 via vectors related to the handling of fonts in CANVAS elements
Severity: High
Fixlet ID: 1632701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16327.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0839
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.

***************************************************************
Title: Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows
Severity: High
Fixlet ID: 1633501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16335.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0840
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.

***************************************************************
Title: Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames
Severity: High
Fixlet ID: 1645601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval16456.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0842
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
