Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitra ...
Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other ...
It was discovered that ImageMagick would search for configuration files in the current directory. If a user were tricked into opening or processing an image in an arbitrary directory, a local attacker could execute arbitrary code with the user"s privileges.
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems Details: USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This u ...
It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vftpd to consume all resources, leading to a denial of service.