|
VCID-2jhf-j64s-gygy
|
Security researcher Alin Rad Pop of Secunia
Research reported a heap-based buffer overflow in Mozilla's string to
floating point number conversion routines. Using this vulnerability
an attacker could craft some malicious JavaScript code containing a
very long string to be converted to a floating point number which
would result in improper memory allocation and the execution of an
arbitrary memory location. This vulnerability could thus be leveraged
by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used
by Mozilla appears to be essentially the same as that reported against the
libc gdtoa routine by Maksymilian Arciemowicz.
|
CVE-2009-0689
|
|
VCID-4vaj-81k4-n3a6
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3374
|
|
VCID-58z4-jhs8-kyay
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3372
|
|
VCID-5bdt-dd2k-c7gq
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3376
|
|
VCID-aw3w-yap1-u7cx
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3375
|
|
VCID-b76x-3z8j-4fa9
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3274
|
|
VCID-h68j-ht6w-jqbm
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3373
|
|
VCID-nx8g-hhbk-yyep
|
Mozilla upgraded several third party libraries used in media
rendering to address multiple memory safety and stability bugs
identified by members of the Mozilla community. Some of the bugs
discovered could potentially be used by an attacker to crash a
victim's browser and execute arbitrary code on their
computer. liboggz, libvorbis,
and liboggplay were all upgraded to address these
issues.Audio and video capabilities were added in Firefox 3.5
so prior releases of Firefox were not affected.
|
CVE-2009-3370
|
|
VCID-yn4z-ymst-1bew
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
allow execution of arbitrary code or local privilege escalation.
|
CVE-2009-3380
|