[CVENEW] New CVE CANs: 2006/06/02 15:00 ; count=7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



======================================================
Name: CVE-2006-2779
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
Reference: CERT-VN:VU#466673
Reference: URL:http://www.kb.cert.org/vuls/id/466673

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested <option> tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, (6) an iframe that
attempts to remove itself, which leads to memory corruption.



======================================================
Name: CVE-2006-2780
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
Reference: CERT-VN:VU#466673
Reference: URL:http://www.kb.cert.org/vuls/id/466673

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4
allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via "jsstr tagify," which leads to
memory corruption.



======================================================
Name: CVE-2006-2781
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-40.html

Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.



======================================================
Name: CVE-2006-2782
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-41.html

Firefox 1.5.0.2 does not fix all test cases associated with
CVE-2006-1729, which allows remote attackers to read arbitrary files
by inserting the target filename into a text box, then turning that
box into a file upload control.



======================================================
Name: CVE-2006-2783
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-42.html

Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode
Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to
the parser, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a BOM sequence in the middle of a
dangerous tag such as SCRIPT.



======================================================
Name: CVE-2006-2784
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-36.html

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows
remote user-complicit attackers to execute privileged code by tricking
a user into installing missing plugins and selecting the "Manual
Install" button, then using nested javascript: URLs.  NOTE: the manual
install button is used for downloading software from a remote web
site, so this issue would not cross privilege boundaries if the user
progresses to the point of installing malicious software from the
attacker-controlled site.



======================================================
Name: CVE-2006-2785
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20060602
Category: 
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-34.html

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
1.5.0.4 allows user-complicit remote attackers to inject arbitrary web
script or HTML by tricking a user into (1) performing a "View Image"
on a broken image in which the SRC attribute contains a Javascript
URL, or (2) selecting "Show only this frame" on a frame whose SRC
attribute contains a Javascript URL.




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux