Feeds
268064 items (21 unread) in 27 feeds
-
0day.today (was: 1337day, Inj3ct0r, 1337db)
-
OSVDB Vulnerabilities
-
Exploit-DB
-
SecurityFocus Vulnerabilities
-
Bugtraq
-
Full Disclosure
-
XSSed
-
Packet Storm Security Headlines (20 unread)
-
-
-
-
-
-
Sophos security news
-
-
Penetration Testing
-
SecuriTeam
-
BackTrack Linux Forums
-
Threatpost
-
SecDocs
-
carnal0wnage.attackresearch.com
-
Carnal0wnage
-
-
Darknet
-
The Exploitant
-
Hack a Day
-
Wirevolution
«
Expand/Collapse
46 items tagged "igor bukanov"
Related tags: code [+], christoph diehl [+], henry sivonen [+], browser [+], bill mccloskey [+], attacker [+], wrong context [+], website [+], thunderbird [+], nils [+], memory issues [+], matt haggard [+], marc schoenefeld [+], management code [+], malicious website [+], jordi chancel [+], jason oster [+], jason orendorff [+], html [+], collin jackson [+], chris rohlf [+], brian hackett [+], bob clary [+], benjamin smedberg [+], zach hoffman [+], user [+], notice [+], memory safety [+], martin barbella [+], kevin brosnan [+], daniel veditz [+], christian biesinger [+], brian bondy [+], paul nickerson [+], eduardo vela [+], dmitri gribenkodmitri [+], alexander miller [+], roberto suggi [+], jesse ruderman [+], ubuntu [+], security [+], gary kwong [+], robert swiecki [+], memory [+], javascript [+], daniel kozlowski [+], firefox [+], jeff walden [+], martijn wargers [+], andreas gal [+], boris zbarsky [+], andrew mccreight [+], christian holler [+]
-
Ubuntu Security Notice USN-1463-6
» Packet Storm Security Recent FilesUbuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
-
Ubuntu Security Notice USN-1463-4
» Packet Storm Security AdvisoriesUbuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety
-
Ubuntu Security Notice USN-1463-4
» Packet Storm Security Recent FilesUbuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety
-
Ubuntu Security Notice USN-1463-4
» Packet Storm Security Misc. FilesUbuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety
-
Ubuntu Security Notice USN-1463-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.Tags: ubuntu notice security brian-bondy igor-bukanov boris-zbarsky andrew-mccreight christian-holler jesse-ruderman bill-mccloskey memory-safety
-
Ubuntu Security Notice USN-1222-2
» Packet Storm Security AdvisoriesUbuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman
-
Ubuntu Security Notice USN-1222-2
» Packet Storm Security Recent FilesUbuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman
-
Ubuntu Security Notice USN-1222-2
» Packet Storm Security Misc. FilesUbuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman
-
Ubuntu Security Notice USN-1222-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman
-
Ubuntu Security Notice USN-1222-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman
-
Ubuntu Security Notice USN-1222-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman
-
Ubuntu Security Notice USN-1185-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.Tags: code ubuntu security igor-bukanov gary-kwong bob-clary wrong-context malicious-website management-code
-
Ubuntu Security Notice USN-1185-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.Tags: code ubuntu security igor-bukanov gary-kwong bob-clary wrong-context malicious-website management-code
-
Ubuntu Security Notice USN-1185-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.Tags: code ubuntu security igor-bukanov gary-kwong bob-clary wrong-context malicious-website management-code
-
Ubuntu Security Notice USN-1184-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1184-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. Various other issues were also addressed.Tags: code ubuntu security igor-bukanov gary-kwong bob-clary wrong-context malicious-website management-code
-
Ubuntu Security Notice USN-1184-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1184-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. Various other issues were also addressed.Tags: code ubuntu security igor-bukanov gary-kwong bob-clary wrong-context malicious-website management-code
-
Ubuntu Security Notice USN-1184-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1184-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges within the browser. Various other issues were also addressed.Tags: code ubuntu security igor-bukanov gary-kwong bob-clary wrong-context malicious-website management-code
-
Ubuntu Security Notice USN-1157-2
» Packet Storm Security AdvisoriesUbuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.Tags: user attacker firefox christian-biesinger igor-bukanov jordi-chancel martin-barbella kevin-brosnan jesse-ruderman christoph-diehl daniel-veditz
-
Ubuntu Security Notice USN-1157-2
» Packet Storm Security Recent FilesUbuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.Tags: user attacker firefox christian-biesinger igor-bukanov jordi-chancel martin-barbella kevin-brosnan jesse-ruderman christoph-diehl daniel-veditz
-
Ubuntu Security Notice USN-1157-2
» Packet Storm Security Misc. FilesUbuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.Tags: user attacker firefox christian-biesinger igor-bukanov jordi-chancel martin-barbella kevin-brosnan jesse-ruderman christoph-diehl daniel-veditz
-
Ubuntu Security Notice USN-1157-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1157-1 - Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.Tags: ubuntu firefox security daniel-veditz christian-biesinger igor-bukanov martin-barbella gary-kwong kevin-brosnan jesse-ruderman bill-mccloskey
-
Ubuntu Security Notice USN-1157-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1157-1 - Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.Tags: ubuntu firefox security daniel-veditz christian-biesinger igor-bukanov martin-barbella gary-kwong kevin-brosnan jesse-ruderman bill-mccloskey
-
Ubuntu Security Notice USN-1049-2
» Packet Storm Security AdvisoriesUbuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.Tags: ubuntu browser security igor-bukanov zach-hoffman martijn-wargers gary-kwong christian-holler henry-sivonen jeff-walden jesse-ruderman
-
Ubuntu Security Notice USN-1049-2
» Packet Storm Security Recent FilesUbuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.Tags: ubuntu browser security igor-bukanov zach-hoffman martijn-wargers gary-kwong christian-holler henry-sivonen jeff-walden jesse-ruderman
-
Ubuntu Security Notice USN-1049-2
» Packet Storm Security Misc. FilesUbuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.Tags: ubuntu browser security igor-bukanov zach-hoffman martijn-wargers gary-kwong christian-holler henry-sivonen jeff-walden jesse-ruderman
-
Ubuntu Security Notice USN-1050-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.Tags: code ubuntu browser igor-bukanov jordi-chancel gary-kwong martijn-wargers roberto-suggi jeff-walden henry-sivonen jesse-ruderman
-
Ubuntu Security Notice USN-1050-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.Tags: code ubuntu browser igor-bukanov jordi-chancel gary-kwong martijn-wargers roberto-suggi jeff-walden henry-sivonen jesse-ruderman
-
Ubuntu Security Notice USN-1050-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.Tags: code ubuntu browser igor-bukanov jordi-chancel gary-kwong martijn-wargers roberto-suggi jeff-walden henry-sivonen jesse-ruderman
-
Ubuntu Security Notice USN-1049-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1049-1 - Multiple vulnerabilities have been addressed in the firefox and xulrunner packages. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. Various other issues have also been addressed.Tags: memory ubuntu security igor-bukanov zach-hoffman gary-kwong martijn-wargers christian-holler daniel-kozlowski jeff-walden henry-sivonen
-
Ubuntu Security Notice USN-1049-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1049-1 - Multiple vulnerabilities have been addressed in the firefox and xulrunner packages. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. Various other issues have also been addressed.Tags: memory ubuntu security igor-bukanov zach-hoffman gary-kwong martijn-wargers christian-holler daniel-kozlowski jeff-walden henry-sivonen
-
Ubuntu Security Notice USN-1020-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.Tags: ubuntu notice security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues
-
Ubuntu Security Notice USN-1020-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.Tags: ubuntu notice security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues
-
Ubuntu Security Notice USN-1020-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.Tags: ubuntu notice security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues
-
Ubuntu Security Notice USN-1019-1
» Packet Storm Security AdvisoriesUbuntu Security Notice 1019-1 - Security issues have been addressed in firefox. Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). It was discovered that Firefox did not properly handle elements when processing a XUL tree. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. Various other issues have also been addressed.Tags: ubuntu firefox security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues
-
Ubuntu Security Notice USN-1019-1
» Packet Storm Security Recent FilesUbuntu Security Notice 1019-1 - Security issues have been addressed in firefox. Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). It was discovered that Firefox did not properly handle elements when processing a XUL tree. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. Various other issues have also been addressed.Tags: ubuntu firefox security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues
-
Ubuntu Security Notice USN-1019-1
» Packet Storm Security Misc. FilesUbuntu Security Notice 1019-1 - Security issues have been addressed in firefox. Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). It was discovered that Firefox did not properly handle elements when processing a XUL tree. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. Various other issues have also been addressed.Tags: ubuntu firefox security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues
-
USN-998-1.txt
» Packet Storm Security Recent FilesUbuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.Tags: javascript attacker thunderbird eduardo-vela igor-bukanov dmitri-gribenkodmitri gary-kwong martijn-wargers alexander-miller paul-nickerson jesse-ruderman
-
USN-998-1.txt
» Packet Storm Security AdvisoriesUbuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.Tags: javascript attacker thunderbird eduardo-vela igor-bukanov dmitri-gribenkodmitri gary-kwong martijn-wargers alexander-miller paul-nickerson jesse-ruderman
-
USN-997-1.txt
» Packet Storm Security Recent FilesUbuntu Security Notice 997-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.Tags: user attacker browser eduardo-vela igor-bukanov dmitri-gribenkodmitri martijn-wargers gary-kwong robert-swiecki paul-nickerson alexander-miller
-
USN-997-1.txt
» Packet Storm Security AdvisoriesUbuntu Security Notice 997-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.Tags: user attacker browser eduardo-vela igor-bukanov dmitri-gribenkodmitri martijn-wargers gary-kwong robert-swiecki paul-nickerson alexander-miller
-
USN-978-2.txt
» Packet Storm Security Recent FilesUbuntu Security Notice 978-2 - USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster
-
USN-978-2.txt
» Packet Storm Security AdvisoriesUbuntu Security Notice 978-2 - USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster
-
USN-975-1.txt
» Packet Storm Security Recent FilesUbuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.Tags: html firefox security igor-bukanov matt-haggard gary-kwong chris-rohlf collin-jackson jeff-walden jesse-ruderman jason-oster
-
USN-978-1.txt
» Packet Storm Security Recent FilesUbuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster
-
USN-975-1.txt
» Packet Storm Security AdvisoriesUbuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.Tags: html firefox security igor-bukanov matt-haggard gary-kwong chris-rohlf collin-jackson jeff-walden jesse-ruderman jason-oster
-
USN-978-1.txt
» Packet Storm Security AdvisoriesUbuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster