Debian 3.1 DSA-1192-1 Critical: Mozilla Remote Access Threats
debian
October 6, 2006
Several security related problems have been discovered in Mozilla and derived products
Topics Covered
Summary
Fernando Ribeiro discovered that a vulnerability in the getRawDER
functionallows remote attackers to cause a denial of service
(hang) and possibly execute arbitrary code.
CVE-2006-4340
Daniel Bleichenbacher recently described an implementation error
in RSA signature verification that cause the application to
incorrectly trust SSL certificates.
CVE-2006-4565, CVE-2006-4566
Priit Laes reported that that a JavaScript regular expression can
trigger a heap-based buffer overflow which allows remote attackers
to cause a denial of service and possibly execute arbitrary code.
CVE-2006-4568
A vulnerability has been discovered that allows remote attackers
to bypass the security model and inject content into the sub-frame
of another site.
CVE-2006-4570
Georgi Guninski demonstrated that even with JavaScript disabled in
mail (the default) an attacker can still execute JavaScript when a
mail message is viewed, replied to, or forw...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!