Ubuntu Security Notice 1123-1 - A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
107e7026a0d71242cee52a86cd3fd92ca9fb2ae7bce238e4916c6c3fc152ee22
Debian Linux Security Advisory 2186-2 - The security update DSA-2186 issued for Iceweasel caused a regression in Vimperator, an Iceweasel extension to make it have vim look and feel. vimperator in stable has been updated to 2.3.1-0+squeeze1 to restore compatibility. Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
ab5f2d14141bc3a98f962b90f03aa06afa5ccb46bc3464056310aed3a357c391
Debian Linux Security Advisory 2187-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
2f841fc251375d8dff168d706c392727034da02e2f89e3e1126f5890813b87bf
Debian Linux Security Advisory 2186-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
214515a8a923740f559da955c3016d83d7555f8783a774ddd655853fea37fe86
Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
63a521ad446cb2ddd1af1035e156678cf3b9d54a0fd09d60d70e2e2288524400
Mandriva Linux Security Advisory 2011-041 - Multiple vulnerabilities have been discovered and addressed in Firefox. Cross-site request forgery vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service via a long string that triggers construction of a long text run. Various other issues have also been addressed.
137da7b6e646e81043194eb519253dcced00d25fe1fe659854704286ad17287e
Debian Linux Security Advisory 2180-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. Roberto Suggi Liverani discovered that the sanitizing performed by ParanoidFragmentSink was incomplete. Zach Hoffmann discovered that incorrect parsing of recursive eval() calls could lead to attackers forcing acceptance of a confirmation dialogue. Crashes in the layout engine may lead to the execution of arbitrary code. Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. Various other issues have also been addressed.
54f9e96aaceb4666fbde87ab89afa2d7d4a85564efa06a363d3fde81e8d299c0
Ubuntu Security Notice 1049-1 - Multiple vulnerabilities have been addressed in the firefox and xulrunner packages. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. Various other issues have also been addressed.
11df6da5cbb40528cbeafb93b5bdd7aa9e44b8fac9ccabdb424704d5222d3bd2