Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Explorer
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13082
Тип:клиент
Уровень опасности:
8/10
Описание:Утечка информации, многочисленные использования памяти после освобождения.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-3140 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability.")
 CVE-2013-2551 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.)
 CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.)
 CVE-2013-1312 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability.")
 CVE-2013-1311 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability.")
 CVE-2013-1310 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability.")
 CVE-2013-1309 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.)
 CVE-2013-1308 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551.)
 CVE-2013-1307 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.)
 CVE-2013-1306 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313.)
 CVE-2013-1297 (Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability.")
 CVE-2013-0811 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.)
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own) (27.05.2013)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own) (27.05.2013)
Файлы:Microsoft Security Bulletin MS13-037 - Critical Cumulative Security Update for Internet Explorer (2829530)
 Microsoft Security Bulletin MS13-038 - Critical Security Update for Internet Explorer (2847204)

Многочисленные уязвимости безопасности в Microsoft Windows
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13083
Тип:библиотека
Уровень опасности:
7/10
Описание:DoS против http.sys, многочисленные повешение привилегий в ядре, подмена сигнатуры и обход авторизации в .Net
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-1337 (Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability.")
 CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability.")
 CVE-2013-1334 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability.")
 CVE-2013-1333 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability.")
 CVE-2013-1332 (dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability.")
 CVE-2013-1305 (HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-039 - Important Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
 Microsoft Security Bulletin MS13-046 - Important Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
 Microsoft Security Bulletin MS13-040 - Important Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

Выполнение кода в Microsof Lync
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13084
Тип:удаленная
Уровень опасности:
7/10
Описание:Использование памяти после освобождения.
Затронутые продукты:MICROSOFT : Lync 2010
 MICROSOFT : Microsoft Communicator 2007
 MICROSOFT : Lync Server 2013
CVE:CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability.")
 CVE-2013-1302 (Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-041 - Important Vulnerability in Lync Could Allow Remote Code Execution (2834695)

Многочисленные уязвимости безопасности в Microsoft Office
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13085
Тип:клиент
Уровень опасности:
6/10
Описание:Многочисленные переполнения буфера, целочисленные переполнения, повреждения памяти и т.п.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE:CVE-2013-1335 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability.")
 CVE-2013-1329 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability.")
 CVE-2013-1328 (Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability.")
 CVE-2013-1327 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability.")
 CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability.")
 CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability.")
 CVE-2013-1321 (Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability.")
 CVE-2013-1320 (Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability.")
 CVE-2013-1319 (Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability.")
 CVE-2013-1318 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability.")
 CVE-2013-1317 (Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability.")
 CVE-2013-1316 (Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-042 - Important Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
 Microsoft Security Bulletin MS13-043 - Important Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

Утечка информации в Microsoft Visio
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13086
Тип:клиент
Уровень опасности:
5/10
Описание:Утечка информации через внешние entity XML.
Затронутые продукты:MICROSOFT : Visio 2003
 MICROSOFT : Visio 2007
 MICROSOFT : Visio 2010
CVE:CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-044 - Important Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)

Утечка информации в Microsoft Windows Essentials
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13087
Тип:клиент
Уровень опасности:
5/10
Описание:Некорректная обработка URL в Microsoft Writer.
Затронутые продукты:MICROSOFT : Windows Essentials 2011
 MICROSOFT : Windows Essentials 2012
CVE:CVE-2013-0096 (Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-045 - Important Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

Утечка информации в HP-UX Directory Server
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13090
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : HP-UX 11.31
CVE:CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.)
 CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.)
Оригинальный текстdocumentHP, [security bulletin] HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information (27.05.2013)

Многочисленные уязвимости безопасности в Apple QuickTime
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13091
Тип:клиент
Уровень опасности:
8/10
Описание:Повреждения памяти при разборе различных форматов и протоколов.
Затронутые продукты:APPLE : QuickTime 7.7
CVE:CVE-2013-1022 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.)
 CVE-2013-1021 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.)
 CVE-2013-1020 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.)
 CVE-2013-1019 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2013-1018 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2013-1017 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.)
 CVE-2013-1016 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.)
 CVE-2013-1015 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.)
 CVE-2013-0989 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.)
 CVE-2013-0988 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.)
 CVE-2013-0987 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.)
 CVE-2013-0986 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2013-05-22-1 QuickTime 7.7.4 (27.05.2013)

Многочисленные уязвимости безопасности в Apple iTunes
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13092
Тип:клиент
Уровень опасности:
7/10
Описание:Проблемы с проверкой сертификата, многочисленные повреждения памяти.
Затронутые продукты:APPLE : iTunes 11.0
CVE:CVE-2013-1014 (Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.)
 CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1006 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1005 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1004 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1003 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1002 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1001 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1000 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0999 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0998 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0996 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0995 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0994 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0993 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0992 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0991 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.)
 CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.)
 CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion.")
 CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.)
 CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.)
 CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2013-05-16-1 iTunes 11.0.3 (27.05.2013)

Многочисленные уязвимости безопасности в ядре Linux
дополнено с 4 мая 2013 г.
Опубликовано:27 мая 2013 г.
Источник:
SecurityVulns ID:13038
Тип:библиотека
Уровень опасности:
8/10
Описание:Повышение привилегий через перенаправление вывода suid-процесса, повышение привилегий через сокеты unix, утечка информации в файловых системах UDF и ISO, повреждение памяти в драйвере i915, многочисленные уязвимости в KVM, повышение привилегий через ext3, утечки информации в netlink.
Затронутые продукты:LINUX : kernel 3.8
CVE:CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.)
 CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.)
 CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.)
 CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.)
 CVE-2013-1959 (kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.)
 CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.)
 CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.)
 CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.)
 CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.)
 CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.)
 CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.)
 CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.)
 CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.)
 CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.)
Оригинальный текстdocumentUBUNTU, [USN-1833-1] Linux kernel vulnerabilities (27.05.2013)
 documentUBUNTU, [USN-1813-1] Linux kernel vulnerabilities (04.05.2013)
 documentUBUNTU, [USN-1815-1] Linux kernel vulnerabilities (04.05.2013)

Уязвимости безопасности в X-серверах и библиотеках
дополнено с 27 мая 2013 г.
Опубликовано:17 июня 2013 г.
Источник:
SecurityVulns ID:13089
Тип:библиотека
Уровень опасности:
7/10
Описание:Многочисленные целочисленные переполнения, переполнения буфера, повреждения памяти и т.п.
Затронутые продукты:LIBDMX : libdmx 1.1
 LIBXV : libxv 1.0
 LIBXVMC : libxvmc 1.0
 XORG : libxfixes 5.0
 XORG : libxrender 0.9
 XORG : mesa 8.0
 XORG : xserver-xorg-video-openchrome 0.2
 XORG : libxt 1.1
 XORG : libxcursor 1.1
 XORG : libxext 1.3
 XORG : libxi 1.6
 XORG : libxrandr 1.3
 XORG : libxp 1.0
 XORG : libxcb 1.8
 XORG : libfs 1.0
 XORG : libxres 1.0
 XORG : libxtst 1.2
 XORG : libxxf86dga 1.1
 XORG : libxinerama 1.1
 XORG : libxxf86vm 1.1
 LIBX11 : libx11 1.5
CVE:CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.)
 CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.)
 CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.)
 CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.)
 CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.)
 CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.)
 CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.)
 CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.)
 CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.)
 CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.)
 CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.)
 CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.)
 CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.)
 CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.)
 CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.)
 CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.)
 CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.)
 CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.)
 CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.)
 CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.)
 CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.)
 CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.)
 CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.)
 CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.)
 CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.)
 CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.)
 CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.)
 CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.)
 CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.)
 CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2704-1] mesa security update (17.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2693-1] libx11 security update (03.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2675-2] libxvmc regression update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2692-1] libxxf86vm security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2691-1] libxinerama security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2690-1] libxxf86dga security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2689-1] libxtst security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2688-1] libxres security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2687-1] libfs security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2686-1] libxcb security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2685-1] libxp security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2684-1] libxrandr security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2683-1] libxi security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2682-1] libxext security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2681-1] libxcursor security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2680-1] libxt security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2679-1] xserver-xorg-video-openchrome security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2678-1] mesa security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2677-1] libxrender security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2676-1] libxfixes security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2675-1] libxvmc security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2674-1] libxv security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2673-1] libdmx security update (27.05.2013)

Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey
дополнено с 27 мая 2013 г.
Опубликовано:10 июля 2013 г.
Источник:
SecurityVulns ID:13088
Тип:клиент
Уровень опасности:
9/10
Описание:Повреждения памяти, использования после освобождения, повышения привилегий, утечка информации.
Затронутые продукты:MOZILLA : Thunderbird 17.0
 MOZILLA : Firefox ESR 17.0
 MOZILLA : Firefox 20.0
CVE:CVE-2013-1681 (Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-1679 (Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.)
 CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.)
 CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.)
 CVE-2013-1673 (The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path.")
 CVE-2013-1672 (The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.)
 CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.)
 CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.)
 CVE-2013-1669 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.)
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities (10.07.2013)
Файлы:Mozilla Foundation Security Advisory 2013-41
 Mozilla Foundation Security Advisory 2013-42
 Mozilla Foundation Security Advisory 2013-43
 Mozilla Foundation Security Advisory 2013-44
 Mozilla Foundation Security Advisory 2013-45
 Mozilla Foundation Security Advisory 2013-46
 Mozilla Foundation Security Advisory 2013-47
 Mozilla Foundation Security Advisory 2013-48

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород