Results 1 to 2 of 2

Thread: Multiple vulnerabilities in Mozilla products

  1. #1
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,732

    Multiple vulnerabilities in Mozilla products




    Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

    VU#414240 -Mozilla Mail vulnerable to buffer overflow via writeGroup() function in nsVCardObj.cpp

    VU#847200 -Mozilla contains integer overflows in bitmap image decoder

    VU#808216 -Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs

    VU#125776 -Multiple buffer overflows in Mozilla POP3 protocol handler

    VU#327560 -Mozilla "send page" feature contains a buffer overflow vulnerability

    VU#651928 -Mozilla allows arbitrary code execution via link dragging

    Upgrade to a patched version
    Mozilla has released versions of the affected software that contain patches for these issues:


    Mozilla 1.7.3
    Firefox Preview Release
    Thunderbird 0.8

    Full Story: US-CERT.org
    Last edited by phishhead; September 20th, 2004 at 18:16 PM. Reason: added links for patches



  2. #2
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    I was going to wait til the final v1.0 of Firefox was released, but ... oh well

    --- 0wN3D by 3gG ---

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •