Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA1046] DSA-1046-1 mozilla


Vulnerability Assessment Details

[DSA1046] DSA-1046-1 mozilla

Vulnerability Assessment Summary
DSA-1046-1 mozilla

Detailed Explanation for this Vulnerability Assessment

Several security related problems have been discovered in Mozilla.
The Common Vulnerabilities and Exposures project identifies the
following vulnerabilities:
The "run-mozilla.sh" script permits local users to create or
overwrite arbitrary files when debugging is enabled via a symlink
attack on temporary files.
Web pages with extremely long titles cause subsequent launches of
the browser to appear to "hang" for up to a few minutes, or even
crash if the computer has insufficient memory. [MFSA-2006-03]
The JavaScript interpreter does not properly dereference objects,
which permits remote attackers to cause a denial of service or
execute arbitrary code. [MFSA-2006-01]
The function allocation code permits attackers to cause a denial of
service and possibly execute arbitrary code. [MFSA-2006-01]
XULDocument.persist() did not validate the attribute name,
permiting a possible hacker to inject arbitrary XML and JavaScript code
into localstore.rdf that would be read and acted upon during
startup. [MFSA-2006-05]
An anonymous researcher for TippingPoint and the Zero Day
Initiative reported that an invalid and nonsensical ordering of
table-related tags can be exploited to execute arbitrary code.
[MFSA-2006-27]
A particular sequence of HTML tags can cause memory corruption
that can be exploited to execute arbitrary code. [MFSA-2006-18]
Georgi Guninski reports that forwarding mail in-line while using
the default HTML "rich mail" editor will execute JavaScript
embedded in the e-mail message with full rights of the client.
[MFSA-2006-21]
The HTML rendering engine does not properly block external images
from inline HTML attachments when "Block loading of remote images
in mail messages" is enabled, which could permit remote attackers
to obtain sensitive information. [MFSA-2006-26]
A vulnerability potentially permits remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially permits remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially permits remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially permits remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
A vulnerability potentially permits remote attackers to cause a
denial of service and possibly execute arbitrary code. [MFSA-2006-20]
Due to an interaction between XUL content windows and the history
mechanism, some windows may to become translucent, which might
permit remote attackers to execute arbitrary code. [MFSA-2006-29]
"shutdown" discovered that the security check of the function
js_ValueToFunctionObject() can be circumvented and exploited to
permit the installation of malware. [MFSA-2006-28]
Georgi Guninski reported two variants of using scripts in an XBL
control to g
[...]

Solution : http://www.debian.org/security/2006/dsa-1046
Network Security Threat Level: High

Networks Security ID: 15773, 16476, 16476, 16770, 16881, 17516

Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi

Cables, Connectors


Atari 1050 5.25

Atari 1050 5.25" Floppy Disk Drive w/ CO17945 Power Adaptor - Powers On

$49.99



Atari 800XL Retro Computer Vintage Computing Gaming - Untested - No Power Supply picture

Atari 800XL Retro Computer Vintage Computing Gaming - Untested - No Power Supply

$119.99



Atari 130xe Computer Case (no keyboard, no motheboard) picture

Atari 130xe Computer Case (no keyboard, no motheboard)

$40.00



Vintage Atari 400 Computer System w/ Atari 410 Program Recorder picture

Vintage Atari 400 Computer System w/ Atari 410 Program Recorder

$100.00



Atari 400/800/XL/XE Computer SIO2PC - PC/Mac Disk Drive Emulator Adapter/Device picture

Atari 400/800/XL/XE Computer SIO2PC - PC/Mac Disk Drive Emulator Adapter/Device

$15.25



Atari 1090XL Reproduction Main Board with two cards. picture

Atari 1090XL Reproduction Main Board with two cards.

$249.42



Atari 1200XL Computer with Power Supply and BASIC - Tested 100% Working picture

Atari 1200XL Computer with Power Supply and BASIC - Tested 100% Working

$325.00



Lot of Atari 400 & 800XL Computers, 1050 Floppy Disk Drive, Joysticks, & Games picture

Lot of Atari 400 & 800XL Computers, 1050 Floppy Disk Drive, Joysticks, & Games

$350.00



A8picoCart Atari 130 / 65 XE 800 / 1200 XL XEGS multicart UnoCart clone game picture

A8picoCart Atari 130 / 65 XE 800 / 1200 XL XEGS multicart UnoCart clone game

$32.95



Atari 600XL Computer Bundle TESTED WORKING With Cassette Recorder Atariwriter picture

Atari 600XL Computer Bundle TESTED WORKING With Cassette Recorder Atariwriter

$161.95



Discussions

No Discussions have been posted on this vulnerability.