Information Security


Multiple security vulnerabilities in the Pidgin / Adium messenger
Published: February 19, 2010
Source:
SecurityVulns ID: 10632
Type: remote
Severity level: 5/10
Description: Memory corruption when processing SLP (MSN) messages. Multiple DoS conditions.
Affected products: ADIUM : Adium 1.3
 PIDGIN : Pidgin 2.6
CVE: CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.)
 CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.)
 CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.)
Original text: MANDRIVA, [ MDVSA-2010:041 ] pidgin (19.02.2010)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / SeaMonkey
Updated since February 19, 2010
Published: February 25, 2010
Source:
SecurityVulns ID: 10631
Type: client
Severity level: 8/10
Description: Multiple memory corruptions, use-after-free, cross-site scripting.
Affected products: MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.0
CVE: CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.)
 CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.)
 CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.)
 CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.)
Original text: ZDI, ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability (25.02.2010)
 SECUNIA, Secunia Research: Mozilla Firefox Memory Corruption Vulnerability (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-05 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-04 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-03 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-02 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-01 (19.02.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod