Lookup for vulnerable packages by Package URL.
| Purl | pkg:rpm/redhat/xulrunner@1.9.2.11-2?arch=el5 |
|---|
| Type | rpm |
|---|
| Namespace | redhat |
|---|
| Name | xulrunner |
|---|
| Version | 1.9.2.11-2 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | null |
|---|
| Latest_non_vulnerable_version | null |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-4w5k-qnky-ybdy |
| vulnerability_id |
VCID-4w5k-qnky-ybdy |
| summary |
Security researcher Sergey Glazunov reported that
it was possible to access the locationbar property of
a window object after it had been closed. Since the
closed window's memory could have been subsequently
reused by the system it was possible that an attempt to access
the locationbar property could result in the execution of
attacker-controlled memory. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3180
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5k-qnky-ybdy |
|
| 1 |
| url |
VCID-5mat-a9vu-nfff |
| vulnerability_id |
VCID-5mat-a9vu-nfff |
| summary |
Google security researcher Robert Swiecki reported
that functions used by the Gopher parser to convert text to HTML tags
could be exploited to turn text into executable JavaScript. If an
attacker could create a file or directory on a Gopher server with the
encoded script as part of its name the script would then run in a
victim's browser within the context of the site. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3177
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5mat-a9vu-nfff |
|
| 2 |
| url |
VCID-c81m-9s68-zbgx |
| vulnerability_id |
VCID-c81m-9s68-zbgx |
| summary |
Mozilla developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3176
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c81m-9s68-zbgx |
|
| 3 |
| url |
VCID-fm6v-97ps-qkb1 |
| vulnerability_id |
VCID-fm6v-97ps-qkb1 |
| summary |
Mozilla developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3175
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fm6v-97ps-qkb1 |
|
| 4 |
| url |
VCID-hcjp-8k4f-fuhf |
| vulnerability_id |
VCID-hcjp-8k4f-fuhf |
| summary |
Security researcher Alexander Miller reported that
passing an excessively long string to document.write
could cause text rendering routines to end up in an inconsistent state
with sections of stack memory being overwritten with the string data.
An attacker could use this flaw to crash a victim's browser and
potentially run arbitrary code on their computer. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3179
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hcjp-8k4f-fuhf |
|
| 5 |
| url |
VCID-jjg5-q8kj-yyg9 |
| vulnerability_id |
VCID-jjg5-q8kj-yyg9 |
| summary |
Security researcher Eduardo Vela Nava reported that
if a web page opened a new window and used a javascript: URL to make a
modal call, such as alert(), then subsequently navigated
the page to a different domain, once the modal call returned the
opener of the window could get access to objects in the navigated
window. This is a violation of the same-origin policy and could be
used by an attacker to steal information from another web site. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3178
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jjg5-q8kj-yyg9 |
|
| 6 |
| url |
VCID-kvg8-pa7m-2bfg |
| vulnerability_id |
VCID-kvg8-pa7m-2bfg |
| summary |
Security researcher Richard Moore reported that
when an SSL certificate was created with a common name containing a
wildcard followed by a partial IP address a valid SSL connection could be
established with a server whose IP address matched the wildcard range
by browsing directly to the IP address. It is extremely unlikely that
such a certificate would be issued by a Certificate Authority. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3170
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kvg8-pa7m-2bfg |
|
| 7 |
| url |
VCID-nhbn-aqde-vue5 |
| vulnerability_id |
VCID-nhbn-aqde-vue5 |
| summary |
Mozilla cryptographer Nelson Bolyard reported that
the SSL implementation was permitting servers to use Diffie-Hellman
Ephemeral mode (DHE) with too short of a minimum key length. DHE keys
of such lengths are trivially breakable on modern hardware so SSL
servers operating in this mode were providing very little effective
security for their clients. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3173
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbn-aqde-vue5 |
|
| 8 |
| url |
VCID-qn4t-s1ek-vkcm |
| vulnerability_id |
VCID-qn4t-s1ek-vkcm |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that
when window.__lookupGetter__ is called with no arguments
the code assumes the top JavaScript stack value is a property name.
Since there were no arguments passed into the function, the top value
could represent uninitialized memory or a pointer to a previously
freed JavaScript object. Under such circumstances the value is passed
to another subroutine which calls through the dangling pointer,
potentially executing attacker-controlled memory. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3183
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4t-s1ek-vkcm |
|
| 9 |
| url |
VCID-wwk8-bpv8-zyhh |
| vulnerability_id |
VCID-wwk8-bpv8-zyhh |
| summary |
Mozilla developer Ehsan Akhgari reported that a
function used to load external libraries on Windows platforms was
using a relative path to a DLL-loading application and was thus
vulnerable to binary planting if an attacker was able to place an
executable of the same name in the current working directory or any of
the other locations that Windows searches for executables.Dmitri Gribenko reported that the script used to
launch Mozilla applications on Linux was effectively including the
current working directory in the LD_LIBRARY_PATH
environment variable. If an attacker was able to place into the
current working directory a malicious shared library with the same
name as a library that the bootstrapping script depends on the
attacker could have their library loaded instead of the legitimate
library. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3182
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwk8-bpv8-zyhh |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xulrunner@1.9.2.11-2%3Farch=el5 |
|---|