Weekly Vulnerabilities Reports > June 27 to July 3, 2011

Overview

87 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 29 products from 15 vendors including Opera, Mozilla, Google, GNU, and HP. Vulnerabilities are notably categorized as "Resource Management Errors", "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 82 reported vulnerabilities are remotely exploitables.
  • 6 reported vulnerabilities have public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • Opera has the most reported vulnerabilities, with 34 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 10 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-07-01 CVE-2011-2628 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

10.0
2011-07-01 CVE-2011-2610 Opera Security vulnerability in Opera Web Browser

Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."

10.0
2011-07-01 CVE-2011-1866 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector

Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.

10.0
2011-07-01 CVE-2011-1865 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector

Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.

10.0
2011-06-30 CVE-2011-2376 Mozilla Memory Corruption vulnerability in Mozilla Firefox and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2011-06-30 CVE-2011-2375 Mozilla Memory Corruption vulnerability in Mozilla Firefox and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2011-06-30 CVE-2011-2374 Mozilla Memory Corruption vulnerability in Mozilla Firefox and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2011-06-30 CVE-2011-2371 Mozilla Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

10.0
2011-06-30 CVE-2011-2368 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox 4.0/4.0.1

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

10.0
2011-06-30 CVE-2011-2365 Mozilla Memory Corruption vulnerability in Mozilla Firefox and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.

10.0
2011-06-30 CVE-2011-2364 Mozilla Memory Corruption vulnerability in Mozilla Firefox and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.

10.0
2011-06-30 CVE-2011-2363 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.

10.0
2011-06-30 CVE-2011-0085 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.

10.0
2011-06-30 CVE-2011-0083 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.

10.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-06-30 CVE-2011-2373 Mozilla Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.

7.6
2011-06-29 CVE-2011-2181 Reallysimplechat SQL Injection vulnerability in Reallysimplechat Really Simple Chat 3.3

Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php.

7.5
2011-06-30 CVE-2011-2604 Intel
Microsoft
Resource Management Errors vulnerability in Intel G41 Driver 6.14.10.5355

The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.

7.1
2011-06-30 CVE-2011-2603 Nvidia
Apple
Resource Management Errors vulnerability in Nvidia 9400M Driver 6.2.6

The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.

7.1
2011-06-30 CVE-2011-2602 Nvidia
Microsoft
Resource Management Errors vulnerability in Nvidia Geforce 310 Driver 6.14.12.7061

The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.

7.1
2011-06-30 CVE-2011-2601 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.

7.1
2011-06-30 CVE-2011-2600 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows XP

The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-06-29 CVE-2011-2351 Google
Apple
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

6.8
2011-06-29 CVE-2011-2350 Google Unspecified vulnerability in Google Chrome

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2011-06-29 CVE-2011-2349 Google USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.

6.8
2011-06-29 CVE-2011-2348 Google Buffer Errors vulnerability in Google Chrome

Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2011-06-29 CVE-2011-2347 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

6.8
2011-06-29 CVE-2011-2346 Google USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.

6.8
2011-07-01 CVE-2011-2608 HP Improper Input Validation vulnerability in HP Openview Performance Agent and Operations Agent

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.

6.4
2011-06-30 CVE-2011-2367 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox 4.0/4.0.1

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.

6.4
2011-06-30 CVE-2009-5078 GNU
Apple
7PK - Security Features vulnerability in multiple products

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

6.4
2011-07-01 CVE-2011-2641 Opera Resource Management Errors vulnerability in Opera Browser 11.11

Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.

5.0
2011-07-01 CVE-2011-2640 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.

5.0
2011-07-01 CVE-2011-2639 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.

5.0
2011-07-01 CVE-2011-2638 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.

5.0
2011-07-01 CVE-2011-2637 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.

5.0
2011-07-01 CVE-2011-2636 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.

5.0
2011-07-01 CVE-2011-2635 Opera Resource Management Errors vulnerability in Opera Browser

The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element.

5.0
2011-07-01 CVE-2011-2634 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.

5.0
2011-07-01 CVE-2011-2633 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.

5.0
2011-07-01 CVE-2011-2632 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl.

5.0
2011-07-01 CVE-2011-2631 Opera Improper Input Validation vulnerability in Opera Browser

The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.

5.0
2011-07-01 CVE-2011-2629 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.

5.0
2011-07-01 CVE-2011-2627 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.

5.0
2011-07-01 CVE-2011-2626 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.

5.0
2011-07-01 CVE-2011-2625 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.

5.0
2011-07-01 CVE-2011-2623 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.

5.0
2011-07-01 CVE-2011-2622 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5.0
2011-07-01 CVE-2011-2621 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.

5.0
2011-07-01 CVE-2011-2620 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.

5.0
2011-07-01 CVE-2011-2619 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the implementation of CANVAS elements, SVG, and Cascading Style Sheets (CSS).

5.0
2011-07-01 CVE-2011-2618 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.

5.0
2011-07-01 CVE-2011-2617 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.

5.0
2011-07-01 CVE-2011-2616 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.

5.0
2011-07-01 CVE-2011-2615 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.

5.0
2011-07-01 CVE-2011-2614 Opera Resource Management Errors vulnerability in Opera Browser

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.

5.0
2011-07-01 CVE-2011-2613 Opera Resource Management Errors vulnerability in Opera Browser

The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.

5.0
2011-07-01 CVE-2011-2612 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.

5.0
2011-07-01 CVE-2011-1515 HP Resource Management Errors vulnerability in HP Openview Storage Data Protector

The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.

5.0
2011-07-01 CVE-2011-1514 HP Denial-Of-Service vulnerability in OpenView Storage Data Protector

The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters.

5.0
2011-06-30 CVE-2011-2377 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

5.0
2011-06-30 CVE-2011-2370 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.

5.0
2011-06-30 CVE-2011-2362 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

5.0
2011-07-01 CVE-2011-2630 Opera Improper Input Validation vulnerability in Opera Browser

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.

4.3
2011-07-01 CVE-2011-2624 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.

4.3
2011-07-01 CVE-2011-2611 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.

4.3
2011-07-01 CVE-2011-2609 Opera Cross-Site Scripting vulnerability in Opera Browser

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

4.3
2011-07-01 CVE-2011-1337 Opera Resource Management Errors vulnerability in Opera Browser

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.

4.3
2011-06-30 CVE-2011-2607 IBM Cross-Site Scripting vulnerability in IBM Rational Team Concert 3.0

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513.

4.3
2011-06-30 CVE-2011-2606 IBM Cross-Site Scripting vulnerability in IBM Rational Team Concert 3.0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.

4.3
2011-06-30 CVE-2011-2605 Mozilla Code Injection vulnerability in Mozilla Firefox and Thunderbird

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

4.3
2011-06-30 CVE-2011-2369 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox 4.0/4.0.1

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.

4.3
2011-06-30 CVE-2011-2599 Google Information Exposure vulnerability in Google Chrome 11

Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

4.3
2011-06-30 CVE-2011-2598 Mozilla Information Exposure vulnerability in Mozilla Firefox 4.0/4.0.1

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.

4.3
2011-06-30 CVE-2011-2366 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Gecko and Thunderbird

Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

4.3
2011-06-30 CVE-2011-2197 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

4.3
2011-06-29 CVE-2011-2470 Reallysimplechat Cross-Site Scripting vulnerability in Reallysimplechat Really Simple Chat 3.3

Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter.

4.3
2011-06-29 CVE-2011-2345 Google Out-Of-Bounds Read vulnerability in Google Chrome

The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

4.3
2011-06-29 CVE-2011-2180 Reallysimplechat Cross-Site Scripting vulnerability in Reallysimplechat Really Simple Chat 3.3

Cross-site scripting (XSS) vulnerability in dereferer.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_link parameter.

4.3
2011-06-29 CVE-2011-1335 Cybozu Cross-Site Scripting vulnerability in Cybozu Office 6/7/8

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."

4.3
2011-06-29 CVE-2011-1334 Cybozu Cross-Site Scripting vulnerability in Cybozu products

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."

4.3
2011-06-29 CVE-2011-1333 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon and Office

Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."

4.3
2011-06-29 CVE-2011-1332 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-06-30 CVE-2009-5082 GNU
Openwall
Link Following vulnerability in GNU Groff 1.20.1

The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

3.3
2011-06-30 CVE-2009-5081 GNU Link Following vulnerability in GNU Groff

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

3.3
2011-06-30 CVE-2009-5080 GNU Link Following vulnerability in GNU Groff

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

3.3
2011-06-30 CVE-2009-5079 GNU Link Following vulnerability in GNU Groff

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

3.3
2011-06-29 CVE-2011-2204 Apache Information Exposure vulnerability in Apache Tomcat

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

1.9