Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryhigh severityfirefoxUbuntu 18.04: 2020-455 High Severity: Firefox JavaScript Flaw
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-2007-642 2007-07-20 ---------------------------------------------------------------------Product : Fedora Core 6 Name : firefox Version : 1.5.0.12 Release : 4.fc6 Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ---------------------------------------------------------------------Update Information: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches thatcorrect these issues. ---------------------------------------------------------------------* Wed Jul 18 2007 Kai Engert - 1.5.0.12-4 - fix tar ball mistake * Wed Jul 18 2007 Kai Engert - 1.5.0.12-3 - Add a patch to stick with major versions 1.5.0.12 / 1.8.0.12 * Tue Jul 17 2007 Kai Engert - 1.5.0.12-2 - Update to latest snapshot of Mozilla 1.8.0 branch - Include patches for Mozilla bugs 379245, 384925, 178993, 381300 (+382686), 358594 (+380933), 382532 (+382503) ---------------------------------------------------------------------This update can be downloaded from: 04db587478c5865e44645faaa08a2105f9c565e7 SRPMS/firefox-1.5.0.12-4.fc6.src.rpm 04db587478c5865e44645faaa08a2105f9c565e7 noarch/firefox-1.5.0.12-4.fc6.src.rpm f1b14a2ec88fb32af73367cf268fcce0d9f7a494 ppc/debug/firefox-debuginfo-1.5.0.12-4.fc6.ppc.rpm 4810057d98164845f5e773f9371a96f694cb1ec7 ppc/firefox-1.5.0.12-4.fc6.ppc.rpm b0bdbb8d7799c301f78c63c6d0aedac119869c18 ppc/firefox-devel-1.5.0.12-4.fc6.ppc.rpm ffbe5e5e08488c57799bdc9c68f98f3767c0daf7 x86_64/firefox-1.5.0.12-4.fc6.x86_64.rpm 01bdf0e33965ff1247dd2381ba4ee69739ce9d46 x86_64/debug/firefox-debuginfo-1.5.0.12-4.fc6.x86_64.rpm 252e41424130a8f463ca63044cc9f4d15cb7d503 x86_64/firefox-devel-1.5.0.12-4.fc6.x86_64.rpm 2bfd3305921f9f3e98d92fb2761ab253af92dba8 i386/firefox-1.5.0.12-4.fc6.i386.rpm dae4f9c1ba9723b94a4b058720e878af23635646 i386/firefox-devel-1.5.0.12-4.fc6.i386.rpm d92d064ee92b21887704d5e7c4560a367573976c i386/debug/firefox-debuginfo-1.5.0.12-4.fc6.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jul 20, 2007
Fedora
89
security advisorycritical riskdata breachFedora Core 4: FEDORA-2005-619 Critical: Mozilla Data Breach Exploits
Package repairs various vulnerabilities.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-619 2005-07-22 ---------------------------------------------------------------------Product : Fedora Core 4 Name : mozilla Version : 1.7.10 Release : 1.5.1 Summary : A Web browser. Description : Mozilla is an open-source Web browser, designed for standards compliance, performance, and portability. ---------------------------------------------------------------------Update Information: Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or execute malicious Javascript code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2260 to this issue. A bug was found in the way Mozilla executed Javascript in XBL controls. It is possible for a malicious webpage to leverage this vulnerability to execute other JavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261) A bug was found in the way Mozilla installed its extensions. If a user can be tricked into visiting a malicious webpage, it may be possible to obtain sensitive information such as cookies or passwords. (CAN-2005-2263) A bug was found in the way Mozilla handled certain Javascript functions. It is possible for a malicious webpage to crash the browser by executing malformed Javascript code. (CAN-2005-2265) A bug was found in the way Mozilla handled multiple frame domains. It is possible for a frame as part of a malicious website to inject content into a frame that belongs to another domain. This issue was previously fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937) A bug was found in theway Mozilla handled child frames. It is possible for a malicious framed page to steal sensitive information from its parent page. (CAN-2005-2266) A bug was found in the way Mozilla opened URLs from media players. If a media player opens a URL which is Javascript, the Javascript executes with access to the currently open webpage. (CAN-2005-2267) A design flaw was found in the way Mozilla displayed alerts and prompts. Alerts and prompts were given the generic title [JavaScript Application] which prevented a user from knowing which site created them. (CAN-2005-2268) A bug was found in the way Mozilla handled DOM node names. It is possible for a malicious site to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious Javascript. (CAN-2005-2269) A bug was found in the way Mozilla cloned base objects. It is possible for Web content to traverse the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270) Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.7.10 and are not vulnerable to these issues. ---------------------------------------------------------------------* Tue Jul 19 2005 Christopher Aillon 37:1.7.10-1.5.1 - Update to 1.7.10 - Fix a crash on 64bit platforms (#160330) ---------------------------------------------------------------------This update can be downloaded from: eb361c708dddc1af05158ce6759a61b9 SRPMS/mozilla-1.7.10-1.5.1.src.rpm c5cfc540316ed7679b562ce6e4431a53 ppc/mozilla-1.7.10-1.5.1.ppc.rpm 69ea1fde672e04a4f6913025870ae28e ppc/mozilla-nspr-1.7.10-1.5.1.ppc.rpm 26ccb88f78bb5142aa07325fd4c5a8c2 ppc/mozilla-nspr-devel-1.7.10-1.5.1.ppc.rpm 465c71611974982178a4acbd03e79848 ppc/mozilla-nss-1.7.10-1.5.1.ppc.rpm 6c3043f14271ce087413b667de05e04c ppc/mozilla-nss-devel-1.7.10-1.5.1.ppc.rpm 5489a8676730b06e32e18f375b83b55d ppc/mozilla-devel-1.7.10-1.5.1.ppc.rpm b672a31b9bf29f2a593d870f694aa014 ppc/mozilla-mail-1.7.10-1.5.1.ppc.rpm 51be9cdb1510a8b045104bf8956cd174 ppc/mozilla-chat-1.7.10-1.5.1.ppc.rpm fc3b1d1ecbfcb7a26bbfd2cb18153ec3 ppc/mozilla-js-debugger-1.7.10-1.5.1.ppc.rpm 76f4786b961fa856c99f7a6d60e53ef6 ppc/mozilla-dom-inspector-1.7.10-1.5.1.ppc.rpm 2e3612c10f295f670de5cdf5537b8d18 ppc/debug/mozilla-debuginfo-1.7.10-1.5.1.ppc.rpm e01cf2f85658577773f84c27be82a981 x86_64/mozilla-1.7.10-1.5.1.x86_64.rpm 78ea2f828bdf576072d5b1d8a117ac18 x86_64/mozilla-nspr-1.7.10-1.5.1.x86_64.rpm 6ed062540e8729a0fe20603dd81a4555 x86_64/mozilla-nspr-devel-1.7.10-1.5.1.x86_64.rpm 900e1bdda17a57a40734e4632216b09b x86_64/mozilla-nss-1.7.10-1.5.1.x86_64.rpm 0835f3a6eb0d3a28e571c659f62b58b5 x86_64/mozilla-nss-devel-1.7.10-1.5.1.x86_64.rpm 46366778caa6bbc28ac2fd7ab601b3e6 x86_64/mozilla-devel-1.7.10-1.5.1.x86_64.rpm d484918f9a9aacaa3244dfe9aa00724c x86_64/mozilla-mail-1.7.10-1.5.1.x86_64.rpm a91f3fdebba315d7a904dce6ca078a71 x86_64/mozilla-chat-1.7.10-1.5.1.x86_64.rpm b7c81fc35699665628b08becab581d89 x86_64/mozilla-js-debugger-1.7.10-1.5.1.x86_64.rpm e2159457c9cb315bb58ea141fcb61f58 x86_64/mozilla-dom-inspector-1.7.10-1.5.1.x86_64.rpm bee07c4cc4a2334c6c659b9a78b5dd27 x86_64/debug/mozilla-debuginfo-1.7.10-1.5.1.x86_64.rpm 9e00889d8cf0e0cf6e05b9e2bfa4aa59 x86_64/mozilla-nspr-1.7.10-1.5.1.i386.rpm d3debda6d568aaf48caec6f01d2c4bb5 x86_64/mozilla-nss-1.7.10-1.5.1.i386.rpm 0170da6538e34da1618ae3b496e19191 i386/mozilla-1.7.10-1.5.1.i386.rpm 9e00889d8cf0e0cf6e05b9e2bfa4aa59 i386/mozilla-nspr-1.7.10-1.5.1.i386.rpm 4284565ab14530bc3a3b9c67f19b5ef3 i386/mozilla-nspr-devel-1.7.10-1.5.1.i386.rpm d3debda6d568aaf48caec6f01d2c4bb5 i386/mozilla-nss-1.7.10-1.5.1.i386.rpm 29207a796c6f6467afaf012f4102e51f i386/mozilla-nss-devel-1.7.10-1.5.1.i386.rpm 46c2a725f16211cf11c6f247c4865baf i386/mozilla-devel-1.7.10-1.5.1.i386.rpm 6875846f0350c548aea6bc80c248f97f i386/mozilla-mail-1.7.10-1.5.1.i386.rpm ed5d8fa1b534c8226dca48c30fbab7c0 i386/mozilla-chat-1.7.10-1.5.1.i386.rpm 3cd9b40c026c9bc7ff0f1688eddb0a55 i386/mozilla-js-debugger-1.7.10-1.5.1.i386.rpm 30dea8f03254fa2b7504099592c5c073 i386/mozilla-dom-inspector-1.7.10-1.5.1.i386.rpm e85b37cef808ba529a228cec8b205a82 i386/debug/mozilla-debuginfo-1.7.10-1.5.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Jul 22, 2005
•Critical
Fedora
89
security advisoryfedorasecurity patchFedora: FEDORA-2006-789 Severe: Thunderbird JavaScript Exploits
Fix various security related bugs.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-606 2005-07-20 ---------------------------------------------------------------------Product : Fedora Core 4 Name : thunderbird Version : 1.0.6 Release : 1.1.fc4 Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. ---------------------------------------------------------------------Update Information: Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird handled anonymous functions during regular expression string replacement. It is possible for a malicious HTML mail to capture a random block of client memory. The Common Vulnerabilities and Exposures project has assigned this bug the name CAN-2005-0989. A bug was found in the way Thunderbird validated several XPInstall related JavaScript objects. A malicious HTML mail could pass other objects to the XPInstall objects, resulting in the JavaScript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159) A bug was found in the way the Thunderbird privileged UI code handled DOM nodes from the content window. An HTML message could install malicious JavaScript code or steal data when a user performs commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160) A bug was found in the way Thunderbird executed JavaScript code. JavaScript executed from HTML mail should run with a restricted access level, preventing dangerous actions. It is possible that a malicious HTML mail could execute JavaScript code with elevated privileges, allowing access to protected data and functions. (CAN-2005-1532) A bug was found in the way Thunderbird executed Javascript in XBL controls. It is possible for a malicious HTML mail to leverage this vulnerability to execute otherJavaScript based attacks even when JavaScript is disabled. (CAN-2005-2261) A bug was found in the way Thunderbird handled certain Javascript functions. It is possible for a malicious HTML mail to crash the client by executing malformed Javascript code. (CAN-2005-2265) A bug was found in the way Thunderbird handled child frames. It is possible for a malicious framed HTML mail to steal sensitive information from its parent frame. (CAN-2005-2266) A bug was found in the way Thunderbird handled DOM node names. It is possible for a malicious HTML mail to overwrite a DOM node name, allowing certain privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269) A bug was found in the way Thunderbird cloned base objects. It is possible for HTML content to navigate up the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270) Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.6 and is not vulnerable to these issues. ---------------------------------------------------------------------* Wed Jul 20 2005 Christopher Aillon 1.0.6-1.1.fc4 - Update to 1.0.6 * Mon Jul 18 2005 Christopher Aillon 1.0.6-0.1.fc4 - 1.0.6 Release Candidate ---------------------------------------------------------------------This update can be downloaded from: 51f614a0a887ffb58ce6bbf4f4eb7431 SRPMS/thunderbird-1.0.6-1.1.fc4.src.rpm fc206b1fd0dccb15da66b2fe3b272175 ppc/thunderbird-1.0.6-1.1.fc4.ppc.rpm 0b94083b2f2415f84069e30c20742ec1 ppc/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.ppc.rpm 38da7902f6e1bcfc45ef688e04a770e8 x86_64/thunderbird-1.0.6-1.1.fc4.x86_64.rpm 1a6bbee24e0559176e19ba1218d91e02 x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.x86_64.rpm f858562b2d77180acb6d40022fe1c3cd i386/thunderbird-1.0.6-1.1.fc4.i386.rpm 90cba454ded9c8d4e049262abdea64d2 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.i386.rpm This update can also be installed with the Update Agent; you can launch the UpdateAgent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Jul 20, 2005
•Critical
Fedora
91
security advisorygentoosoftware updateGentoo GLSA: 200507-18 Low Severity MediaWiki Cross-Site Scripting
MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200507-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: MediaWiki: Cross-site scripting vulnerability Date: July 20, 2005 Bugs: #99132 ID: 200507-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution. Background ========= MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mediawiki < 1.4.7 > = 1.4.7 Description ========== MediaWiki fails to escape a parameter in the page move template correctly. Impact ===== By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to inject malicious JavaScript code that will be executed in a user's browser session in the context of the vulnerable site. Workaround ========= There is no known workaround at this time. Resolution ========= All MediaWiki users should upgrade to the latest available version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/mediawiki-1.4.7" References ========= [ 1 ] MediaWiki 1.4.7 Release Notes Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200507-18 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Jul 20, 2005
•Low
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!