Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey

| Published: | 18 July 2008 |
| Source: | MOZILLA |
| SecurityVulns ID: | 9154 |
| Type: | client |
| Severity: | 7/10 |
| Description: | Array index overflow when parsing CSS, denial of service when parsing GIF on Mac OS X, code execution when launched via a URI handler. |
| Affected products: | MOZILLA : Firefox 2.0 |
| | MOZILLA : Thunderbird 2.0 |
| | MOZILLA : SeaMonkey 1.1 |
| | MOZILLA : Firefox 3.0 |
| CVE: | CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.) |
| | CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.) |
| | CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.) |