Home hacking tournaments projects friends Help Search Login Register
May 22, 2012, 09:57:26 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: THC is up and running !
 

 
advertisement:

Pages: [1]
« previous next »
  Print  
Author Topic: RSS: USN-1353-1 : xulrunner-1.9.2 vulnerabilities  (Read 13 times)
zomgwtfbbq
Challenge Coder
Administrator
Hero Member
*****

Karma: +31340/-1
Posts: I am a geek!!


thc title: thc elite
thc points: 3315
challenges: (69/83)

View Profile
« on: February 09, 2012, 05:41:04 PM »
 Share on FacebookFacebook Share
USN-1353-1 : xulrunner-1.9.2 vulnerabilities


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Jesse Ruderman and Bob Clary discovered memory safety issues
affecting the Gecko Browser engine. If the user were tricked into
opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Xulrunner.
(CVE-2012-0442)

It was discovered that the Gecko Browser engine did not properly
handle node removal in the DOM. If the user were tricked into opening
a specially crafted page, an attacker could exploit this to cause a
denial of service via application crash, or potentially execute code
with the privileges of the user invoking Xulrunner. (CVE-2011-3659)

It was discovered that memory corruption could occur during the
decoding of Ogg Vorbis files. If the user were tricked into opening a
specially crafted file, an attacker could exploit this to cause a
denial of service via application crash, or potentially execute code
with the privileges of the user invoking Xulrunner. (CVE-2012-0444)

Nicolas Gregoire and Aki Helin discovered that when processing a
malformed embedded XSLT stylesheet, Xulrunner can crash due to memory
corruption. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of
the user invoking Xulrunner. (CVE-2012-0449)

Gregory Fleischer discovered that requests using IPv6 hostname syntax
through certain proxies might generate errors. An attacker might be
able to use this to read sensitive data from the error messages.
(CVE-2011-3670)

See also :


only registered users with at least 25 hack challenge points can see links:
click here in order to visit the hack challenges
http://www.ubuntu.com/usn/usn-1353-1/


Solution :

Update the affected package(s).

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)



original thread:
only registered users with at least 25 hack challenge points can see links:
click here in order to visit the hack challenges
http://www.nessus.org/plugins/index.php?view=single&id=57874
Logged

only registered users with at least 25 hack challenge points can see links:
  click here in order to visit the hack challenges


Ook al ben ik een slet toch houdt ik van je..
Pages: [1]
  Print  
« previous next »
 
Jump to:  


Related Topics
Subject Started by Replies Views Last post
RSS: USN-1401-1 : xulrunner-1.9.2 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 13 Last post March 20, 2012, 02:31:25 PM
by zomgwtfbbq
RSS: USN1011-3 : xulrunner-1.9.1, xulrunner-1.9.2 vulnerability
Latest Tools and Files 		zomgwtfbbq 0 52 Last post October 29, 2010, 08:21:37 PM
by zomgwtfbbq
RSS: USN957-1 : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 57 Last post July 26, 2010, 07:08:59 PM
by zomgwtfbbq
RSS: USN896-1 : firefox-3.5, xulrunner-1.9.1 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 33 Last post February 18, 2010, 04:50:48 PM
by zomgwtfbbq
USN853-1 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 52 Last post November 03, 2009, 12:40:54 AM
by zomgwtfbbq
USN821-1 : firefox-3.0, xulrunner-1.9 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 51 Last post September 11, 2009, 05:25:25 PM
by zomgwtfbbq
USN798-1 : firefox-3.0, xulrunner-1.9 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 52 Last post July 24, 2009, 12:59:03 AM
by zomgwtfbbq
USN779-1 : firefox-3.0, xulrunner-1.9 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 44 Last post June 15, 2009, 06:42:39 PM
by zomgwtfbbq
USN765-1 : firefox-3.0, xulrunner-1.9 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 63 Last post April 30, 2009, 03:43:37 AM
by zomgwtfbbq
USN745-1 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 70 Last post April 24, 2009, 02:43:17 PM
by zomgwtfbbq
SMF Board hacked and modded by zomgwtfbekjam aka Rembo from Tools & Design