Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Debian: DSA 1051-1 Moderate: Mozilla Thunderbird Remote Exploits

debian
Calendar Grey May 4, 2006
Debian Logo
- --------------------------------------------------------------------------Debian Security Advisory
Updated package.

Summary


The "run-mozilla.sh" script allows local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.

CVE-2005-4134

Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]

CVE-2006-0292

The Javascript interpreter does not properly dereference objects,
which allows remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]

CVE-2006-0293

The function allocation code allows attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]

CVE-2006-0296

XULDocument.persist() did not validate the attribute name,
allowing an attacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during
startup. [MFSA-2006-05]

CVE-2006-0748

...

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here