close
Pourquoi s'enregistré ... Pour bénéficié de plein d'avantage, plus l'accès à des partis du site qui ne sont accessible qu'aux membres. L'inscription n'est pas une obligation.

       
Mot de passe oublié?    Identifiant oublié?    Créer un compte

Si toute fois vous avez envies de vous inscrire, donner une adresse e-mail valide, car il vous seras envoyer un mail de confirmation d'ouverture de compte. Merci.
Top Panel
Login
Top Panel

Pin-Up

Recherche Google

Publicité

MDVSA-2011:142: mozilla-thunderbird PDF Imprimer Envoyer
(0 Votes)
Écrit par Administrator   
Samedi, 01 Octobre 2011 23:00
Security issues were identified and fixed in mozilla firefox and
thunderbird:

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
7.0, and SeaMonkey before 2.4 do not prevent the starting of a download
in response to the holding of the Enter key, which allows user-assisted
remote attackers to bypass intended access restrictions via a crafted
web site (CVE-2011-2372).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0,
and SeaMonkey before 2.4 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors (CVE-2011-2995).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2011-2997).

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before
7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses
that contain multiple Location, Content-Length, or Content-Disposition
headers, which makes it easier for remote attackers to conduct HTTP
response splitting attacks via crafted header values (CVE-2011-3000).

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey
before 2.4 do not prevent manual add-on installation in response
to the holding of the Enter key, which allows user-assisted remote
attackers to bypass intended access restrictions via a crafted web
site that triggers an unspecified internal error (CVE-2011-3001).

Use-after-free vulnerability in Mozilla Firefox 4.x through 6,
Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote
attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via crafted OGG headers in a .ogg file
(CVE-2011-3005).

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0,
and SeaMonkey before 2.4, allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via crafted JavaScript (CVE-2011-3232).

Lire la suite...
Submit to Delicious Submit to Facebook Submit to Google Bookmarks Submit to Technorati Submit to Twitter Submit to LinkedIn

 

Ajouter un Commentaire


Code de sécurité
Rafraîchir

maps.amung.us

www.geo-loc.com

Publicité

Browse the web faster with Firefox