Lookup for vulnerable packages by Package URL.
| Purl | pkg:rpm/redhat/firefox@3.6.23-1?arch=el4 |
|---|
| Type | rpm |
|---|
| Namespace | redhat |
|---|
| Name | firefox |
|---|
| Version | 3.6.23-1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | null |
|---|
| Latest_non_vulnerable_version | null |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-2a9n-tz4u-jyep |
| vulnerability_id |
VCID-2a9n-tz4u-jyep |
| summary |
Ian Graham of Citrix Online reported that when multiple
Location headers were present in a redirect response
Mozilla behavior differed from other browsers: Mozilla would use the second
Location header while Chrome and Internet Explorer would use
the first. Two copies of this header with different values could be a symptom
of a CRLF injection attack against a vulnerable server. Most commonly it is
the Location header itself that is vulnerable to the response
splitting and therefore the copy preferred by Mozilla is more likely to be
the malicious one. It is possible, however, that the first copy was the
injected one depending on the nature of the server vulnerability.
The Mozilla browser engine has been changed to treat two copies of this
header with different values as an error condition. The same has been done
with the headers Content-Length and Content-Disposition |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3000
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2a9n-tz4u-jyep |
|
| 1 |
| url |
VCID-413h-nkvf-wbck |
| vulnerability_id |
VCID-413h-nkvf-wbck |
| summary |
Mark Kaplan reported a potentially exploitable crash due to
integer underflow when using a large JavaScript RegExp expression.
We would also like to thank Mark for contributing the fix for this problem.
The Regular Expression engine was replaced in Firefox 4 and
the newer engine does not suffer from this bug. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-2998
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-413h-nkvf-wbck |
|
| 2 |
| url |
VCID-d18j-gp7z-kyfd |
| vulnerability_id |
VCID-d18j-gp7z-kyfd |
| summary |
Mariusz Mlynski reported that if you could convince
a user to hold down the Enter key--as part of a game or test,
perhaps--a malicious page could pop up a download dialog where the held
key would then activate the default Open action. For some file types this
would be merely annoying (the equivalent of a pop-up) but other file
types have powerful scripting capabilities. And this would provide an
avenue for an attacker to exploit a vulnerability in applications not
normally exposed to potentially hostile internet content.
Mariusz also reported a similar flaw with manual plugin installation
using the PLUGINSPAGE attribute. It was possible to create
an internal error that suppressed a confirmation dialog, such that holding
enter would lead to the installation of an arbitrary add-on. (This variant
did not affect Firefox 3.6) |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-2372
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d18j-gp7z-kyfd |
|
| 3 |
| url |
VCID-jh6n-bau7-byhg |
| vulnerability_id |
VCID-jh6n-bau7-byhg |
| summary |
Mozilla developer Boris Zbarsky reported that a frame
named "location" could shadow the window.location object unless a
script in a page grabbed a reference to the true object before the frame
was created. Because some plugins use the value of window.location to determine
the page origin this could fool the plugin into granting the plugin content
access to another site or the local file system in violation of the Same Origin
Policy. This flaw allows circumvention of the fix added for
MFSA 2010-10. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2999
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6n-bau7-byhg |
|
| 4 |
| url |
VCID-vt1n-t5vm-67cc |
| vulnerability_id |
VCID-vt1n-t5vm-67cc |
| summary |
Mozilla developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird
and SeaMonkey products because scripting is disabled,, but are potentially a risk
in browser or browser-like contexts in those products. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-2995
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vt1n-t5vm-67cc |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@3.6.23-1%3Farch=el4 |
|---|