Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (6)
| Vulnerability |
Summary |
Aliases |
|
VCID-2jhf-j64s-gygy
|
Security researcher Alin Rad Pop of Secunia
Research reported a heap-based buffer overflow in Mozilla's string to
floating point number conversion routines. Using this vulnerability
an attacker could craft some malicious JavaScript code containing a
very long string to be converted to a floating point number which
would result in improper memory allocation and the execution of an
arbitrary memory location. This vulnerability could thus be leveraged
by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used
by Mozilla appears to be essentially the same as that reported against the
libc gdtoa routine by Maksymilian Arciemowicz.
|
CVE-2009-0689
|
|
VCID-49hp-8pm6-vkhr
|
security update
|
CVE-2014-1545
|
|
VCID-53kn-ev4f-dufh
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-2463
|
|
VCID-97rg-h7t5-1fhs
|
Multiple vulnerabilities have been discovered in Mozilla Network
Security Service, the worst of which could lead to Denial of Service.
|
CVE-2013-5607
|
|
VCID-ap6c-9pta-wbdz
|
security update
|
CVE-2016-1951
|
|
VCID-r1pj-wxzf-5ubj
|
Multiple vulnerabilities have been found in Mozilla Firefox and
Thunderbird, the worst of which may allow user-assisted execution of
arbitrary code.
|
CVE-2015-7183
|