[CVENEW] New CVE CANs: 2006/06/02 14:00 ; count=4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



======================================================
Name: CVE-2006-2775
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
Reference: CERT-VN:VU#243153
Reference: URL:http://www.kb.cert.org/vuls/id/243153

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XZUL
attributes with the wrong URL under certain unspecified circumstances,
which might allow remote attackers to bypass restrictions by causing a
persisted string to be associated with the wrong URL.



======================================================
Name: CVE-2006-2776
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
Reference: CERT-VN:VU#575969
Reference: URL:http://www.kb.cert.org/vuls/id/575969

Certain privileged UI code in Mozilla Firefox and Thunderbird before
1.5.0.4 calls content-defined setters on an object prototype, which
allows remote attackers to execute code at a higher privilege than
intended.



======================================================
Name: CVE-2006-2777
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
Reference: CERT-VN:VU#237257
Reference: URL:http://www.kb.cert.org/vuls/id/237257

Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary
code by using the nsISelectionPrivate interface of the Selection
object to add a SelectionListener and create notifications that are
executed in a privileged context.



======================================================
Name: CVE-2006-2778
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
Reference: CERT-VN:VU#421529
Reference: URL:http://www.kb.cert.org/vuls/id/421529

The crypto.signText function in Mozilla Firefox and Thunderbird before
1.5.0.4 allows remote attackers to execute arbitrary code via certain
optional Certificate Authority name arguments, which causes an invalid
array index and triggers a buffer overflow.



--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux