[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Jul 30 05:20:17 PDT 2014
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 385 Published: Tue, 29 Jul 2014 19:58:39 GMT
New Fixlets:
============
***************************************************************
Title: Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange e
Severity: High
Fixlet ID: 2455301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24553.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1555
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs.
***************************************************************
Title: Vulnerability in Google Chrome before 36.0.1985.125, allow attackers to cause a denial of service or possibly have other impact
Severity: Medium
Fixlet ID: 2478201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24782.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3162
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
***************************************************************
Title: Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel,
Severity: Medium
Fixlet ID: 2479901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24799.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1561
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons within the visible window but does not otherwise affect customization or window content.
***************************************************************
Title: Vulnerability in Google Chrome before 36.0.1985.125, allows remote attackers to bypass the Same Origin Policy via a crafted file
Severity: High
Fixlet ID: 2485501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24855.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability
Severity: Medium
Fixlet ID: 2486501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24865.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4261
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
***************************************************************
Title: Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execut
Severity: High
Fixlet ID: 2491401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24914.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1544
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality
Severity: Medium
Fixlet ID: 2492701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24927.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2487
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.
***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
Severity: High
Fixlet ID: 2496101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24961.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1547
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability
Severity: Low
Fixlet ID: 2497901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24979.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2477
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality
Severity: Low
Fixlet ID: 2498701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24987.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2488
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.
***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn
Severity: High
Fixlet ID: 2500201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25002.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1548
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability
Severity: Low
Fixlet ID: 2500601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25006.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2486
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerab
Severity: Medium
Fixlet ID: 2501601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25016.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1558
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues causes the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.
***************************************************************
Title: Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content,
Severity: High
Fixlet ID: 2502701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25027.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1551
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash.
***************************************************************
Title: The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a d
Severity: High
Fixlet ID: 2504101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25041.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audio content.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability
Severity: Medium
Fixlet ID: 2505401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25054.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2489
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.
Severity: Medium
Fixlet ID: 2509001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25090.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1560
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues causes the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with
Severity: Medium
Fixlet ID: 2509801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25098.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1552
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval.
***************************************************************
Title: The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to
Severity: High
Fixlet ID: 2511701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25117.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1557
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems.
***************************************************************
Title: Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio c
Severity: High
Fixlet ID: 2518901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25189.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1550
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability
Severity: Medium
Fixlet ID: 2523501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25235.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4228
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerab
Severity: Medium
Fixlet ID: 2526401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25264.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1559
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues causes the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.
***************************************************************
Title: Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
Severity: High
Fixlet ID: 2527901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25279.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1556
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable.
More information about the WinVulns-Announcements
mailing list