Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability
Quote:
Soroush Dalili has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error when handling drag and drop events and can be exploited to bypass the same origin policy and e.g. execute script code in the context of another domain.
The vulnerability is confirmed in version 9.0.1. Other versions may also be affected.
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
Quote:
A security issue and multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to disclose certain sensitive information and by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability
Quote:
A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error in the "nsXBLDocumentInfo::ReadPrototypeBindings()" method when handling XBL bindings in a hash table and can be exploited to cause a cycle collector to call an invalid virtual function.
Successful exploitation may allow execution of arbitrary code.
Mozilla Firefox / Thunderbird / SeaMonkey libpng Integer Overflow
Quote:
Mozilla has acknowledged a vulnerability in Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to potentially compromise a user's system.
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
Quote:
Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
1) A use-after-free error exists within shlwapi.dll when closing a child window that uses the file open dialog.
2) An error when handling certain drag and drop actions can be exploited to conduct cross-site scripting attacks.
3) A use-after-free error exists within the "nsSMILTimeValueSpec::ConvertBetweenTimeContainers()" function when handling certain SVG animation.
4) An out-of-bounds read error in SVG filters can be exploited to disclose certain data.
5) An error when handling Content Security Policy headers can be exploited to conduct cross-site scripting attacks.
6) An error when handling "javascript:" home page can be exploited to execute script code in "about:sessionrestore" context.
7) An unspecified error exists when accessing a keyframe's cssText after dynamic modification.
8) The window.fullScreen property does not properly enforce the mozRequestFullscreen policy, which can be exploited to bypass the policy and spoof certain content.
9) Multiple unspecified errors can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #1, #3, #6, #7, and #9 may allow execution of arbitrary code.
Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system.
I'm glad they are fixing these issues. I jumped ship from IE for these reasons, and vuln reports lately are a little uneasy. Damn pops and crap that smash FF are annoying too nowadays.
I have come across, a lot of times, the red screen which says malicious information found, and Firefox doesn't open the page, but we can browse it in other browsers?
On one hand, we think it is good that Firefox stops us from accessing that kind of page, but on the other hand, most of the time there is nothing wrong with that website, so what should we do then?