Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Mozilla / Seamonkey / Thunderbird
дополнено с 1 мая 2011 г.
Опубликовано:11 мая 2011 г.
Источник:
SecurityVulns ID:11633
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти, обращения по неинициализированным указателям, утечка информации, выполнение кода.
Затронутые продукты:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.5
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
 MOZILLA : Firefox 4.0
CVE:CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.)
 CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.)
 CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.)
 CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.)
 CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.)
 CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.)
 CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.)
 CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer.")
 CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.)
 CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.)
 CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.)
 CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.)
 CVE-2011-0068
 CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.)
 CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.)
 CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.)
Оригинальный текстdocumentZDI, ZDI-11-158: Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-159: Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability (11.05.2011)
 documentZDI, ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability (10.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-18 (01.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-17 (01.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-16 (01.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-15 (01.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-14 (01.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-13 (01.05.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-12 (01.05.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород