

Timeline of Mozilla shell: Security Vulnerability 07/09/2004 10:04 PM









Similar Items


Grok Headline matches for Timeline of Mozilla shell: Security Vulnerability

What Mozilla users should know about the shell: protocol security issue 07/09/2004 08:02 AM
install this upgrade .. Hier de patch .. been released

mozilla.org/security/shell.html


Mozilla moves to fix security vulnerability 07/09/2004 11:56 AM
The Mozilla Foundation has urged users of its open-source Mozilla Application Suite, Firefox browser and Thunderbird e-mail client to download a small patch to work around a security vulnerability discovered Thursday.

Fix for URL Spoofing Security Vulnerability Checked in to Mozilla Trunk and 1.6 Branch 01/07/2004 07:08 PM

Mozilla bug-squashing timeline 07/15/2004 12:17 PM
This timeline of the discovery of a critical flaw in Mozilla is amazing. It took a scant 31 hours between the moment the bug was first reported to the moment that you could download a patched version of all different Mozilla flavours and derivatives.
July 7 - 13:46 GMT - Keith McCanless files a bug in the Bugzilla Database reporting a new vulnerability. It exploits the Windows "shell:" handler and allows a malicious web page to execute a program on a client's computer (the program has to already be present on the computer). McCanless notes that the bug is "BOTH a security concern and a DOS," since if the link points to a nonexistent file, it makes the Mozilla browser spawn off endless amounts of new windows. The bug is marked private since it is security-related; only developers with proper clearance can see it. (source)...

July 7 - 18:16 GMT - Mozilla developer "timeless" creates patch closing vulnerability. He posts the patch on the Bugzilla Database so that other developers can approve it. (source) The bug had been known to the world for a matter of hours before a patch was created to fix it.

Link (via Crypto-Gram)

Mozilla / Mozilla Firefox User Interface Spoofing Vulnerability 08/01/2004 10:04 AM

Direct and Related Links for 'Mozilla / Mozilla Firefox User Interface Spoofing Vulnerability'

“A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface. The problem is that Mozilla and Mozilla Firefox don’t restrict websites from including arbitrary, remote XUL (XML User Interface Language) files. This can be exploited to “hijack” most of the user interface (including tool bars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees….A PoC (Proof of Concept) exploit for Mozilla Firefox…

IE vs. Mozilla on the Shell Hole—Whose Bug Is It? 07/12/2004 02:35 PM
Opinion: Mozilla exposed the scheme, opened the hole. Now it's a debate in security circles. But the only way this is a vulnerability in Windows is if it's a vulnerability for a shell to be able to run programs.

timeline of the latest security bug 07/10/2004 07:34 PM
sacarny’s own work .. in about 24 hours .. timeline

sacarny.com/blog/index.php?p=104


IE May Share Shell Hole Found in Mozilla 07/13/2004 08:29 PM
Security firm Secunia reports four new "extremely critical" vulnerabilities in Internet Explorer that have some security experts asking whether any commercial browser can ever be secure.

MOZILLA: SHELL can execute remote EXE program 07/12/2004 02:15 PM
liudieyu_at_umbrella.name (Jul 08 2004)

Mozilla Fails to Restrict Access to "shell:" 07/10/2004 11:02 AM
“This notice covers BOTH a security concern and a DOS. 1) Using the ‘shell:’ prefix in addresses on a Windows PC allows access to the local file system. AFAIK all shell shortcuts in IE will also work in Mozilla. Addresses such as ‘shell:cookies’ pass the call to Explorer and it shows the desired location. Addresses to individual files or cookies are handled by Mozilla and treated as a ‘file:’ protocol. While I have not looked into the exploitability of this behavior, it would seem to be a security risk as IE has supposedly dropped this functionality in SP1 for IE 6. 2) By making a request for a file that does not exist on the user’s system using the ‘shell:’ prefix, Mozilla will continue to open windows until the user’s system crashes.” The resolution is to apply a patch or update to the latest version.

Mozilla / Mozilla Firefox Vulnerability 09/18/2004 10:48 AM

Direct and Related Links for 'Mozilla / Mozilla Firefox Vulnerability'

“Software: Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2, Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x, Mozilla Firefox 0.x Description: WESTPOINT has reported a vulnerability in Mozilla / Mozilla Firefox, which potentially can be exploited by malicious people to conduct session fixation attacks. For more information: SA12341 Solution: Do not follow untrusted links.”…

[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability 09/07/2004 06:23 PM
snsadv (Sep 07 2004)

RE: Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability 04/02/2005 03:36 PM
Eiji James Yoshida (Apr 02 2005)

Vulns: Microsoft Windows Shell CLSID File Extension Misrepresentation Vulnerability 07/19/2004 06:36 PM
SecurityFocus Jul 19 2004 11:04PM GMT

Mozilla Releases Security Updates To Thunderbird, Mozilla Suite 03/27/2005 12:35 PM
Information Week Mar 27 2005 3:53PM GMT

Vulns: Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability 07/17/2004 07:29 PM
SecurityFocus Jul 17 2004 11:07PM GMT

Mozilla Patches Vulnerability 07/09/2004 05:10 PM
Internet News Jul 9 2004 9:49PM GMT

Mozilla/Netscape Vulnerability 08/03/2004 10:28 AM
Zzen-parse has reported a vulnerability in Mozilla and Netscape, potentially allowing malicious people to compromise a vulnerable system. The vulnerability is caused by an integer overflow within the SOAPParameter object's constructor. This can, for example, be exploited via a malicious web page containing specially crafted JavaScript. This has been reported in Mozilla 1.6, and Netscape 7.0 and 7.1. Prior versions may also be affected.

Affected Mozilla/Netscape Web browsers:
  • Mozilla 0.x
  • Mozilla 1.0 to 1.6
  • Netscape 7.x

Firefox 0.9 onwards is not affected; all users of the older versions are advised to upgrade to the newer releases.
View: Bugzilla Bug 236618
News source: Secunia


Netscape/Mozilla Vulnerability 08/02/2004 05:32 PM

Direct and Related Links for 'Netscape/Mozilla Vulnerability'

“Improper input validation to the SOAPParameter object constructor in Netscape and Mozilla allows execution of arbitrary code. The SOAPParameter object’s constructor contains an integer overflow which allows controllable heap corruption. A web page can be constructed to leverage this into remote execution of arbitrary code….Netscape version 7.0 and 7.1 have been confirmed to be vulnerable. Mozilla 1.6 is also vulnerable to this issue. It is suspected that earlier versions of both browsers may also be…

Mozilla UI Spoofing Vulnerability 07/31/2004 05:32 AM

Notes and Tips: Mozilla-family Vulnerability 04/06/2005 12:19 PM
Any of the Mozilla-family browsers (including Firefox and Camino) may be coerced into revealing sensitive information in memory; here's a test...

Mozilla Thunderbird Drag and Drop Vulnerability 03/24/2005 04:03 AM
“Secunia Advisory: SA14671 Critical: Less critical Impact: Manipulation of data Where: From remote Solution Status: Vendor Patch Software: Mozilla Thunderbird 0.x, Mozilla Thunderbird 1.x A vulnerability has been reported in Thunderbird, which can be exploited by malicious people to plant malware on a user’s system. For more information: SA14160 Solution: Update to version 1.0.2. http://www.mozilla.org/products/thunderbird/ Full article: Secunia Advisory: SA14671…

Direct and Related Links for 'Mozilla Thunderbird Drag and Drop Vulnerability'


Mozilla User Interface Spoofing Vulnerability 07/31/2004 07:22 PM
A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface. The problem is that Mozilla and Mozilla Firefox don't restrict websites from including arbitrary, remote XUL (XML User Interface Language) files. This can be exploited to "hijack" most of the user interface (including tool bars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees.

The Mozilla user interface is built using XUL files. A PoC (Proof of Concept) exploit for Mozilla Firefox has been published. The PoC spoofs an SSL-secured PayPal website. This has been confirmed using Mozilla 1.7 for Linux, Mozilla Firefox 0.9.1 for Linux, Mozilla 1.7.1 for Windows and Mozilla Firefox 0.9.2 for Windows. Prior versions may also be affected.

View: Mozilla Bug 244965
News source: Secunia


Mozilla / Firefox Memory Exposure Vulnerability 04/04/2005 06:23 PM
Slashdot Apr 4 2005 8:57PM GMT

Mozilla / Firefox Certificate Store Corruption Vulnerability 07/19/2004 03:17 PM

Direct and Related Links for 'Mozilla / Firefox Certificate Store Corruption Vulnerability'

“Marcel Boesch has reported a vulnerability in Mozilla and Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service).”…

Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability 04/05/2005 01:58 AM
Secunia Advisory: SA14820 Critical: Moderately critical Impact: Exposure of system information, Exposure of sensitive information Where: From remote Solution Status: Unpatched Software: Mozilla Firefox 0.x, Mozilla Firefox 1.x A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of potentially sensitive information. The vulnerability is caused due to an error in the JavaScript engine, as a “lambda” replace exposes arbitrary amounts of heap memory after the end…

Direct and Related Links for 'Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability'


Mozilla Thunderbird GIF Image Processing Buffer Overflow Vulnerability 03/24/2005 02:15 PM
“Secunia Advisory: SA14685 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: Mozilla Thunderbird 0.x, Mozilla Thunderbird 1.x Mark Dowd has reported a vulnerability in Thunderbird, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error in the GIF image processing of Netscape extension 2 blocks and can be exploited to cause a heap-based buffer overflow via a specially…

Direct and Related Links for 'Mozilla Thunderbird GIF Image Processing Buffer Overflow Vulnerability'


Vulns: Mozilla Browser Input Type HTML Tag Unauthorized Access Vulnerability 08/08/2004 03:46 PM
SecurityFocus Aug 8 2004 8:17PM GMT

Manage With the Windows Shell: Write Shell Extensions with C# 06/30/2004 05:43 PM
In this article, Dino Esposito demonstrates how to create a Windows shell extension using C# code and the .NET Framework. He discusses the COM Interop layer and, using a practical example, shows you the techniques and tricks you need to know to build managed shell extensions.

Cisco Security Advisory: Vulnerabilities in Cisco IOS Secure Shell Server 04/06/2005 05:45 PM
Posted by Cisco Systems Product Security Incident Response Team, Apr 06 2005

OS X security vulnerability 12/16/2003 06:33 PM
A new Mac OS X security vulnerability has been discovered. Apparently this vulnerability can allow execution of arbitrary code with "root" privileges. The issue is considered a "Less Critical" vulnerability, and affects Mac OS X 10.3.1 and possibly other versions of the operating system.

Other News: Mozilla Security 07/28/2004 11:05 AM
Mozilla has some old security flaws in its certificate handling code.

Mozilla Security Flaw 07/08/2004 08:27 PM

eWeek reports on a new browser security flaw that enables links to run arbitrary programs - but this time the problem isn't in IE, but in Mozilla (and therefore Firefox). As expected, the Mozilla team has already released a fix.


Report a Security Vulnerability 10/29/2003 11:30 PM
To report a security vulnerability, just complete the form below and submit it. Help is available for many fields in the form -- just place the mouse pointer over the field you need help with, and pop-up text will appear.

vBulletin Security Vulnerability 01/22/2004 02:58 AM
gcf_at_hush.com (Jan 20 2004)

Security Alert: Another IE6 Vulnerability 11/25/2002 11:55 AM
A new exploit has been found in IE6 that allows a serious security vulnerability. Although this is not directly related to PHP Freaks, I thought I would take a moment to point this out to our readers.

IE Security Vulnerability Exploited 12/29/2003 11:46 PM
The security vulnerability in Internet Explorer that was published a few weeks ago has been exploited. Not only that, it's been done almost exactly as I commented (envisioned?) here on Sam Ruby's blog, only using spam instead of a weblog entry. This is the spam email I received: Viewing the html-source revealed that the "click here" link does not actually... (306 words)

RE: vBulletin Security Vulnerability 01/22/2004 02:58 AM
Ferruh Mavituna (Jan 20 2004)

Mozilla security update released 08/04/2004 11:53 AM
Mozilla.org has released Mozilla 1.7.2, a new version of its Internet suite that includes a Web browser, e-mail application, IRC chat client, Web page editor and more...