< Back to JetLib.com

jesse-ruderman

« Expand/Collapse

107 items tagged "jesse ruderman"

November 21, 2012
15:03
Ubuntu Security Notice USN-1638-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:03
Ubuntu Security Notice USN-1638-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:03
Ubuntu Security Notice USN-1638-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:03
Ubuntu Security Notice USN-1636-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.
Tags: user code ubuntu ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:03
Ubuntu Security Notice USN-1636-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.
Tags: user code ubuntu ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:03
Ubuntu Security Notice USN-1636-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.
Tags: user code ubuntu ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:02
Ubuntu Security Notice USN-1638-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:02
Ubuntu Security Notice USN-1638-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

15:02
Ubuntu Security Notice USN-1638-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

October 12, 2012
16:38
Ubuntu Security Notice USN-1611-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1611-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.
Tags: javascript user website jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption malicious-website

16:38
Ubuntu Security Notice USN-1611-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1611-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.
Tags: javascript user website jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption malicious-website

16:38
Ubuntu Security Notice USN-1611-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1611-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. CVE-2012-4191) David Bloom and Jordi Chancel discovered that Thunderbird did not always properly handle the element. If a user were tricked into opening a malicious website and had JavaScript enabled, a remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.
Tags: javascript user website jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption malicious-website

October 09, 2012
16:55
Ubuntu Security Notice USN-1600-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1600-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. David Bloom and Jordi Chancel discovered that Firefox did not always properly handle the select element. A remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.
Tags: ubuntu firefox security jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption

16:55
Ubuntu Security Notice USN-1600-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1600-1 - Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. David Bloom and Jordi Chancel discovered that Firefox did not always properly handle the select element. A remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. Various other issues were also addressed.
Tags: ubuntu firefox security jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption

September 11, 2012
12:59
Ubuntu Security Notice USN-1548-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1548-2 - USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox private-browsing jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman

12:59
Ubuntu Security Notice USN-1548-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1548-2 - USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox private-browsing jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman

12:59
Ubuntu Security Notice USN-1548-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1548-2 - USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox private-browsing jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman

August 30, 2012
14:28
Ubuntu Security Notice USN-1551-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1551-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: ubuntu notice security jason-smith daniel-holbert gary-kwong andrew-sutherland steve-fink christian-holler jesse-ruderman john-schoenick

14:28
Ubuntu Security Notice USN-1551-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1551-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: ubuntu notice security jason-smith daniel-holbert gary-kwong andrew-sutherland steve-fink christian-holler jesse-ruderman john-schoenick

14:28
Ubuntu Security Notice USN-1551-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1551-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: ubuntu notice security jason-smith daniel-holbert gary-kwong andrew-sutherland steve-fink christian-holler jesse-ruderman john-schoenick

August 29, 2012
17:36
Ubuntu Security Notice USN-1548-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman abhishek-arya

17:36
Ubuntu Security Notice USN-1548-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman abhishek-arya

17:36
Ubuntu Security Notice USN-1548-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman abhishek-arya

July 18, 2012
17:12
Ubuntu Security Notice USN-1509-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1509-2 - USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
Tags: ubuntu address firefox brad-lassey chris-jones brian-smith benoit-jacob gary-kwong mario-gomes christian-holler jesse-ruderman

17:12
Ubuntu Security Notice USN-1509-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1509-2 - USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
Tags: ubuntu address firefox brad-lassey chris-jones brian-smith benoit-jacob gary-kwong mario-gomes christian-holler jesse-ruderman

July 17, 2012
17:37
Ubuntu Security Notice USN-1510-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1510-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird brad-lassey chris-jones brian-smith benoit-jacob gary-kwong christian-holler jesse-ruderman bill-mccloskey

17:37
Ubuntu Security Notice USN-1510-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1510-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird brad-lassey chris-jones brian-smith benoit-jacob gary-kwong christian-holler jesse-ruderman bill-mccloskey

17:37
Ubuntu Security Notice USN-1510-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1510-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird brad-lassey chris-jones brian-smith benoit-jacob gary-kwong christian-holler jesse-ruderman bill-mccloskey

15:19
Ubuntu Security Notice USN-1509-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
Tags: ubuntu address security brad-lassey chris-jones brian-smith benoit-jacob mario-gomes gary-kwong christian-holler jesse-ruderman

15:19
Ubuntu Security Notice USN-1509-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
Tags: ubuntu address security brad-lassey chris-jones brian-smith benoit-jacob mario-gomes gary-kwong christian-holler jesse-ruderman

15:19
Ubuntu Security Notice USN-1509-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1509-1 - Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Various other issues were also addressed.
Tags: ubuntu address security brad-lassey chris-jones brian-smith benoit-jacob mario-gomes gary-kwong christian-holler jesse-ruderman

June 27, 2012
7:32
Ubuntu Security Notice USN-1463-6
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
Tags: ubuntu notice security brian-bondy igor-bukanov boris-zbarsky andrew-mccreight christian-holler jesse-ruderman bill-mccloskey memory-safety

June 22, 2012
13:24
Ubuntu Security Notice USN-1463-4
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.
Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety

13:24
Ubuntu Security Notice USN-1463-4
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.
Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety

13:24
Ubuntu Security Notice USN-1463-4
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.
Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety

June 06, 2012
16:39
Ubuntu Security Notice USN-1463-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
Tags: ubuntu notice security brian-bondy igor-bukanov boris-zbarsky andrew-mccreight christian-holler jesse-ruderman bill-mccloskey memory-safety
May 05, 2012
18:30
Ubuntu Security Notice USN-1430-3
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1430-3 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

18:30
Ubuntu Security Notice USN-1430-3
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1430-3 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

April 27, 2012
13:16
Ubuntu Security Notice USN-1430-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1430-1 - Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

13:16
Ubuntu Security Notice USN-1430-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1430-1 - Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

13:16
Ubuntu Security Notice USN-1430-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1430-1 - Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

13:13
Ubuntu Security Notice USN-1430-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1430-2 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. Various other issues were also addressed.
Tags: ubuntu firefox security julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

13:13
Ubuntu Security Notice USN-1430-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1430-2 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. Various other issues were also addressed.
Tags: ubuntu firefox security julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

February 08, 2012
8:15
Ubuntu Security Notice USN-1350-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1350-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird jesse-ruderman dom bob-clary application-crash memory-safety denial-of-service

8:15
Ubuntu Security Notice USN-1350-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1350-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird jesse-ruderman dom bob-clary application-crash memory-safety denial-of-service

8:15
Ubuntu Security Notice USN-1350-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1350-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird jesse-ruderman dom bob-clary application-crash memory-safety denial-of-service

8:15
Ubuntu Security Notice USN-1353-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1353-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. Various other issues were also addressed.
Tags: user ubuntu security jesse-ruderman dom bob-clary application-crash memory-safety browser-engine

8:15
Ubuntu Security Notice USN-1353-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1353-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. Various other issues were also addressed.
Tags: user ubuntu security jesse-ruderman dom bob-clary application-crash memory-safety browser-engine

8:15
Ubuntu Security Notice USN-1353-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1353-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. Various other issues were also addressed.
Tags: user ubuntu security jesse-ruderman dom bob-clary application-crash memory-safety browser-engine

January 24, 2012
10:04
Ubuntu Security Notice USN-1343-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

10:04
Ubuntu Security Notice USN-1343-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

10:04
Ubuntu Security Notice USN-1343-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

January 06, 2012
16:28
Ubuntu Security Notice USN-1306-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1306-2 - USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Various other issues were also addressed.
Tags: ubuntu firefox security alexandre-poirot gary-kwong jim-blandy chris-blizzard christian-holler jesse-ruderman huey david-baron

16:28
Ubuntu Security Notice USN-1306-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1306-2 - USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Various other issues were also addressed.
Tags: ubuntu firefox security alexandre-poirot gary-kwong jim-blandy chris-blizzard christian-holler jesse-ruderman huey david-baron

16:28
Ubuntu Security Notice USN-1306-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1306-2 - USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Various other issues were also addressed.
Tags: ubuntu firefox security alexandre-poirot gary-kwong jim-blandy chris-blizzard christian-holler jesse-ruderman huey david-baron

16:27
Ubuntu Security Notice USN-1306-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1306-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

16:27
Ubuntu Security Notice USN-1306-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1306-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

16:27
Ubuntu Security Notice USN-1306-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1306-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

October 05, 2011
16:00
Debian Security Advisory 2317-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 2317-1 - Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection.
Tags: advisory debian security benjamin-smedberg mark-kaplan boris-zbarsky jesse-ruderman bob-clary ian-graham javascript-engine location-object

16:00
Debian Security Advisory 2317-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2317-1 - Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection.
Tags: advisory debian security benjamin-smedberg mark-kaplan boris-zbarsky jesse-ruderman bob-clary ian-graham javascript-engine location-object

16:00
Debian Security Advisory 2317-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 2317-1 - Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection.
Tags: advisory debian security benjamin-smedberg mark-kaplan boris-zbarsky jesse-ruderman bob-clary ian-graham javascript-engine location-object

8:20
Ubuntu Security Notice USN-1222-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

8:20
Ubuntu Security Notice USN-1222-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

8:20
Ubuntu Security Notice USN-1222-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

September 30, 2011
8:11
Ubuntu Security Notice USN-1222-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

8:11
Ubuntu Security Notice USN-1222-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

8:11
Ubuntu Security Notice USN-1222-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

September 29, 2011
16:26
Ubuntu Security Notice USN-1213-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.
Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary location-object smedberg local-file-system

16:26
Ubuntu Security Notice USN-1213-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.
Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary location-object smedberg local-file-system

16:26
Ubuntu Security Notice USN-1213-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.
Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary location-object smedberg local-file-system

September 28, 2011
15:51
Ubuntu Security Notice USN-1210-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary malicious-website location-object smedberg

15:51
Ubuntu Security Notice USN-1210-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary malicious-website location-object smedberg

15:51
Ubuntu Security Notice USN-1210-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary malicious-website location-object smedberg

June 22, 2011
23:19
Ubuntu Security Notice USN-1157-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.
Tags: user attacker firefox christian-biesinger igor-bukanov jordi-chancel martin-barbella kevin-brosnan jesse-ruderman christoph-diehl daniel-veditz

23:19
Ubuntu Security Notice USN-1157-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.
Tags: user attacker firefox christian-biesinger igor-bukanov jordi-chancel martin-barbella kevin-brosnan jesse-ruderman christoph-diehl daniel-veditz

23:19
Ubuntu Security Notice USN-1157-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.
Tags: user attacker firefox christian-biesinger igor-bukanov jordi-chancel martin-barbella kevin-brosnan jesse-ruderman christoph-diehl daniel-veditz

23:17
Ubuntu Security Notice USN-1157-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1157-1 - Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: ubuntu firefox security daniel-veditz christian-biesinger igor-bukanov martin-barbella gary-kwong kevin-brosnan jesse-ruderman bill-mccloskey

23:17
Ubuntu Security Notice USN-1157-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1157-1 - Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
Tags: ubuntu firefox security daniel-veditz christian-biesinger igor-bukanov martin-barbella gary-kwong kevin-brosnan jesse-ruderman bill-mccloskey

April 30, 2011
9:44
Ubuntu Security Notice USN-1121-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1121-1 - Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.
Tags: code attacker firefox michael-wu boris-zbarsky chris-evans gary-kwong jesse-ruderman ted-mielczarek ian-beer arbitrary-code

9:44
Ubuntu Security Notice USN-1121-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1121-1 - Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.
Tags: code attacker firefox michael-wu boris-zbarsky chris-evans gary-kwong jesse-ruderman ted-mielczarek ian-beer arbitrary-code

9:44
Ubuntu Security Notice USN-1121-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1121-1 - Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.
Tags: code attacker firefox michael-wu boris-zbarsky chris-evans gary-kwong jesse-ruderman ted-mielczarek ian-beer arbitrary-code

March 07, 2011
11:55
Ubuntu Security Notice USN-1049-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
Tags: ubuntu browser security igor-bukanov zach-hoffman martijn-wargers gary-kwong christian-holler henry-sivonen jeff-walden jesse-ruderman

11:55
Ubuntu Security Notice USN-1049-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
Tags: ubuntu browser security igor-bukanov zach-hoffman martijn-wargers gary-kwong christian-holler henry-sivonen jeff-walden jesse-ruderman

11:55
Ubuntu Security Notice USN-1049-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
Tags: ubuntu browser security igor-bukanov zach-hoffman martijn-wargers gary-kwong christian-holler henry-sivonen jeff-walden jesse-ruderman

March 03, 2011
8:15
Ubuntu Security Notice USN-1050-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
Tags: code ubuntu browser igor-bukanov jordi-chancel gary-kwong martijn-wargers roberto-suggi jeff-walden henry-sivonen jesse-ruderman

8:15
Ubuntu Security Notice USN-1050-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
Tags: code ubuntu browser igor-bukanov jordi-chancel gary-kwong martijn-wargers roberto-suggi jeff-walden henry-sivonen jesse-ruderman

8:15
Ubuntu Security Notice USN-1050-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
Tags: code ubuntu browser igor-bukanov jordi-chancel gary-kwong martijn-wargers roberto-suggi jeff-walden henry-sivonen jesse-ruderman

December 09, 2010
19:26
Ubuntu Security Notice USN-1020-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.
Tags: ubuntu notice security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues

19:26
Ubuntu Security Notice USN-1020-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.
Tags: ubuntu notice security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues

19:26
Ubuntu Security Notice USN-1020-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1020-1 - Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. The new OTS font sanitizing library was added to mitigate these issues.
Tags: ubuntu notice security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues

7:12
Ubuntu Security Notice USN-1019-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 1019-1 - Security issues have been addressed in firefox. Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). It was discovered that Firefox did not properly handle elements when processing a XUL tree. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. Various other issues have also been addressed.
Tags: ubuntu firefox security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues

7:12
Ubuntu Security Notice USN-1019-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1019-1 - Security issues have been addressed in firefox. Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). It was discovered that Firefox did not properly handle elements when processing a XUL tree. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. Various other issues have also been addressed.
Tags: ubuntu firefox security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues

7:12
Ubuntu Security Notice USN-1019-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 1019-1 - Security issues have been addressed in firefox. Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. It was discovered that Firefox did not properly verify the about:blank location elements when it was opened via window.open(). It was discovered that Firefox did not properly handle elements when processing a XUL tree. Marc Schoenefeld and Christoph Diehl discovered several problems when handling downloadable fonts. Various other issues have also been addressed.
Tags: ubuntu firefox security marc-schoenefeld igor-bukanov andreas-gal jesse-ruderman brian-hackett nils christoph-diehl memory-issues

October 20, 2010
18:00
USN-998-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
Tags: javascript attacker thunderbird eduardo-vela igor-bukanov dmitri-gribenkodmitri gary-kwong martijn-wargers alexander-miller paul-nickerson jesse-ruderman

18:00
USN-998-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 998-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
Tags: javascript attacker thunderbird eduardo-vela igor-bukanov dmitri-gribenkodmitri gary-kwong martijn-wargers alexander-miller paul-nickerson jesse-ruderman

September 18, 2010
14:01
USN-978-2.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 978-2 - USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster

14:01
USN-978-2.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 978-2 - USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster

September 08, 2010
21:01
USN-975-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
Tags: html firefox security igor-bukanov matt-haggard gary-kwong chris-rohlf collin-jackson jeff-walden jesse-ruderman jason-oster
21:01
USN-978-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster

21:01
USN-975-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
Tags: html firefox security igor-bukanov matt-haggard gary-kwong chris-rohlf collin-jackson jeff-walden jesse-ruderman jason-oster
21:01
USN-978-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
Tags: html thunderbird security igor-bukanov matt-haggard gary-kwong chris-rohlf jeff-walden collin-jackson jesse-ruderman jason-oster

April 09, 2010
22:00
USN-920-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 920-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser.
Tags: browser firefox usn martijn-wargers jesse-ruderman josh-soref paul-stone browser-engine firebug ehsan
22:00
USN-921-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 921-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. Wladimir Palant discovered that Firefox did not always perform security checks on XML content.
Tags: browser firefox security martijn-wargers jesse-ruderman henry-sudhof josh-soref paul-stone mail-handler external-mail browser-engine

22:00
USN-920-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 920-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser.
Tags: browser firefox usn martijn-wargers jesse-ruderman josh-soref paul-stone browser-engine firebug ehsan
22:00
USN-921-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 921-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. Wladimir Palant discovered that Firefox did not always perform security checks on XML content.
Tags: browser firefox security martijn-wargers jesse-ruderman henry-sudhof josh-soref paul-stone mail-handler external-mail browser-engine

March 18, 2010
19:44
USN-915-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 915-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments.
Tags: flaw thunderbird usn sid-stamm jesse-ruderman ludovic-hirlimann josh-soref javascript-engine binhex ludovic

19:44
USN-915-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 915-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments.
Tags: flaw thunderbird usn sid-stamm jesse-ruderman ludovic-hirlimann josh-soref javascript-engine binhex ludovic

jetlib.sec » Tags » jesse-ruderman

Feeds

107 items tagged "jesse ruderman"

Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user code ubuntu ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user code ubuntu ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user code ubuntu ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: user ubuntu firefox ed-morley julian-seward boris-zbarsky andrew-mccreight gary-kwong christian-holler chris-lord jesse-ruderman

Tags: javascript user website jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption malicious-website

Tags: javascript user website jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption malicious-website

Tags: javascript user website jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption malicious-website

Tags: ubuntu firefox security jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption

Tags: ubuntu firefox security jordi-chancel christian-holler david-bloom jesse-ruderman dalili henrik-skupin memory-corruption

Tags: user ubuntu firefox private-browsing jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman

Tags: user ubuntu firefox private-browsing jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman

Tags: user ubuntu firefox private-browsing jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman

Tags: ubuntu notice security jason-smith daniel-holbert gary-kwong andrew-sutherland steve-fink christian-holler jesse-ruderman john-schoenick

Tags: ubuntu notice security jason-smith daniel-holbert gary-kwong andrew-sutherland steve-fink christian-holler jesse-ruderman john-schoenick

Tags: ubuntu notice security jason-smith daniel-holbert gary-kwong andrew-sutherland steve-fink christian-holler jesse-ruderman john-schoenick

Tags: user ubuntu firefox jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman abhishek-arya

Tags: user ubuntu firefox jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman abhishek-arya

Tags: user ubuntu firefox jason-smith daniel-holbert gary-kwong steve-fink christian-holler andrew-sutherland jesse-ruderman abhishek-arya

Tags: ubuntu address firefox brad-lassey chris-jones brian-smith benoit-jacob gary-kwong mario-gomes christian-holler jesse-ruderman

Tags: ubuntu address firefox brad-lassey chris-jones brian-smith benoit-jacob gary-kwong mario-gomes christian-holler jesse-ruderman

Tags: user ubuntu thunderbird brad-lassey chris-jones brian-smith benoit-jacob gary-kwong christian-holler jesse-ruderman bill-mccloskey

Tags: user ubuntu thunderbird brad-lassey chris-jones brian-smith benoit-jacob gary-kwong christian-holler jesse-ruderman bill-mccloskey

Tags: user ubuntu thunderbird brad-lassey chris-jones brian-smith benoit-jacob gary-kwong christian-holler jesse-ruderman bill-mccloskey

Tags: ubuntu address security brad-lassey chris-jones brian-smith benoit-jacob mario-gomes gary-kwong christian-holler jesse-ruderman

Tags: ubuntu address security brad-lassey chris-jones brian-smith benoit-jacob mario-gomes gary-kwong christian-holler jesse-ruderman

Tags: ubuntu address security brad-lassey chris-jones brian-smith benoit-jacob mario-gomes gary-kwong christian-holler jesse-ruderman

Tags: ubuntu notice security brian-bondy igor-bukanov boris-zbarsky andrew-mccreight christian-holler jesse-ruderman bill-mccloskey memory-safety

Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety

Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety

Tags: ubuntu firefox security brian-bondy igor-bukanov andrew-mccreight boris-zbarsky christian-holler jesse-ruderman bill-mccloskey memory-safety

Tags: ubuntu notice security brian-bondy igor-bukanov boris-zbarsky andrew-mccreight christian-holler jesse-ruderman bill-mccloskey memory-safety

Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: user ubuntu firefox julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: ubuntu firefox security julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: ubuntu firefox security julian-seward hilary-hall gary-kwong christian-holler jesse-ruderman brian-hackett bob-clary memory-safety

Tags: user ubuntu thunderbird jesse-ruderman dom bob-clary application-crash memory-safety denial-of-service

Tags: user ubuntu thunderbird jesse-ruderman dom bob-clary application-crash memory-safety denial-of-service

Tags: user ubuntu thunderbird jesse-ruderman dom bob-clary application-crash memory-safety denial-of-service

Tags: user ubuntu security jesse-ruderman dom bob-clary application-crash memory-safety browser-engine

Tags: user ubuntu security jesse-ruderman dom bob-clary application-crash memory-safety browser-engine

Tags: user ubuntu security jesse-ruderman dom bob-clary application-crash memory-safety browser-engine

Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu firefox security alexandre-poirot gary-kwong jim-blandy chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu firefox security alexandre-poirot gary-kwong jim-blandy chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu firefox security alexandre-poirot gary-kwong jim-blandy chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: ubuntu notice security alexandre-poirot jim-blandy gary-kwong chris-blizzard christian-holler jesse-ruderman huey david-baron

Tags: advisory debian security benjamin-smedberg mark-kaplan boris-zbarsky jesse-ruderman bob-clary ian-graham javascript-engine location-object

Tags: advisory debian security benjamin-smedberg mark-kaplan boris-zbarsky jesse-ruderman bob-clary ian-graham javascript-engine location-object

Tags: advisory debian security benjamin-smedberg mark-kaplan boris-zbarsky jesse-ruderman bob-clary ian-graham javascript-engine location-object

Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

Tags: ubuntu website firefox benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

Tags: ubuntu website security benjamin-smedberg igor-bukanov jason-orendorff boris-zbarsky andrew-mccreight gary-kwong andreas-gal jesse-ruderman

Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary location-object smedberg local-file-system

Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary location-object smedberg local-file-system

Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary location-object smedberg local-file-system

Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary malicious-website location-object smedberg

Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary malicious-website location-object smedberg

Tags: ubuntu notice security josh-aas benjamin-smedberg boris-zbarsky jesse-ruderman bob-clary malicious-website location-object smedberg