Weekly Vulnerabilities Reports > January 30 to February 5, 2012

Overview

61 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 55 products from 29 vendors including Apple, Siemens, Mozilla, Linux, and Suse. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 56 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities have public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 57 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Siemens has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-02-03 CVE-2011-4514 Siemens Improper Authentication vulnerability in Siemens products

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.

10.0
2012-02-03 CVE-2011-4513 Siemens Remote Security vulnerability in SIMATIC Wincc Runtime Advanced

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.

10.0
2012-02-03 CVE-2011-4509 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens products

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.

10.0
2012-02-03 CVE-2011-4791 HP Code Injection vulnerability in HP Data Protector Media Operations

DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.

10.0
2012-02-01 CVE-2012-0444 Mozilla
Debian
Opensuse
Suse
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

10.0
2012-02-01 CVE-2012-0443 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2012-02-03 CVE-2011-4876 Siemens Path Traversal vulnerability in Siemens products

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a ..

9.3
2012-02-03 CVE-2011-4875 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.

9.3
2012-02-03 CVE-2011-4508 Siemens Improper Authentication vulnerability in Siemens products

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.

9.3
2012-02-02 CVE-2012-0977 Luratech Buffer Errors vulnerability in Luratech Lurawave JP2 Activex Control 2.1.5.5

Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

9.3
2012-02-02 CVE-2011-4790 HP Unspecified vulnerability in HP Network Automation

Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.

9.3
2012-02-01 CVE-2012-0449 Mozilla
Debian
Opensuse
Suse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

9.3
2012-02-01 CVE-2012-0442 Mozilla
Debian
Opensuse
Suse
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
9.3
2012-02-01 CVE-2011-3659 Mozilla
Opensuse
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-02-03 CVE-2011-4879 Siemens Improper Input Validation vulnerability in Siemens products

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.

8.5
2012-02-03 CVE-2011-4878 Siemens Path Traversal vulnerability in Siemens products

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.

7.8
2012-02-02 CVE-2011-2393 Freebsd
Netbsd
Resource Management Errors vulnerability in multiple products

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.

7.8
2012-02-02 CVE-2011-2525 Linux
Redhat
NULL Pointer Dereference vulnerability in multiple products

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.

7.8
2012-02-02 CVE-2011-3460 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.

7.5
2012-02-02 CVE-2011-3457 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.

7.5
2012-02-02 CVE-2011-3453 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.

7.5
2012-02-02 CVE-2011-3446 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.

7.5
2012-02-02 CVE-2012-0983 Scriptsez SQL Injection vulnerability in Scriptsez EZ Album

SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

7.5
2012-02-02 CVE-2012-0982 Vastal SQL Injection vulnerability in Vastal Agent Zone

SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.

7.5
2012-02-02 CVE-2012-0980 Phux SQL Injection vulnerability in Phux Download Manager

SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.

7.5
2012-02-02 CVE-2011-4194 Novell
Linux
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Open Enterprise Server

Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field.

7.5
2012-02-02 CVE-2011-3463 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.

7.2
2012-02-01 CVE-2012-0809 Todd Miller USE of Externally-Controlled Format String vulnerability in Todd Miller Sudo

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

7.2
2012-02-03 CVE-2011-4877 Siemens Improper Input Validation vulnerability in Siemens products

HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.

7.1

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-02-03 CVE-2012-0314 Emobile Cross-Site Request Forgery (CSRF) vulnerability in Emobile Pocket Wifi and Pocket Wifi Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

6.8
2012-02-02 CVE-2011-3459 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.

6.8
2012-02-02 CVE-2011-3458 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.

6.8
2012-02-02 CVE-2011-3450 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.

6.8
2012-02-02 CVE-2011-3449 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8
2012-02-02 CVE-2011-3448 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

6.8
2012-02-02 CVE-2012-0978 Luratech Buffer Errors vulnerability in Luratech Lurawave JP2 Browser Plug-In 1.1.1.11

Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

6.8
2012-02-02 CVE-2011-4144 EMC
Centos
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
6.8
2012-02-02 CVE-2012-0057 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

6.4
2012-02-02 CVE-2011-1573 Linux Incorrect Calculation vulnerability in Linux Kernel

net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.

5.9
2012-02-02 CVE-2012-0440 Mozilla Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

5.1
2012-02-03 CVE-2011-4512 Siemens Code Injection vulnerability in Siemens products

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.0
2012-02-02 CVE-2011-3462 Apple Security Bypass vulnerability in Apple Mac OS X

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.

5.0
2012-02-02 CVE-2012-0981 Kybernetika Path Traversal vulnerability in Kybernetika PHPshowtime 2.0

Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a ..

5.0
2012-02-02 CVE-2010-4563 Linux Information Exposure vulnerability in Linux Kernel

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.

5.0
2012-02-01 CVE-2012-0447 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.

5.0
2012-02-01 CVE-2012-0445 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.

5.0
2012-02-01 CVE-2011-3670 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.

5.0
2012-01-30 CVE-2012-0817 Samba Information Exposure vulnerability in Samba 3.6.0/3.6.1/3.6.2

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.

5.0
2012-02-03 CVE-2011-4511 Siemens Cross-Site Scripting vulnerability in Siemens products

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.

4.3
2012-02-03 CVE-2011-4510 Siemens Cross-Site Scripting vulnerability in Siemens products

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.

4.3
2012-02-02 CVE-2011-3452 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.

4.3
2012-02-02 CVE-2011-3447 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.

4.3
2012-02-02 CVE-2011-3444 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.

4.3
2012-02-02 CVE-2012-0979 Twiki Cross-Site Scripting vulnerability in Twiki 5.1.1

Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.

4.3
2012-02-02 CVE-2012-0975 Clixint Cross-Site Scripting vulnerability in Clixint Image Hosting Script DPI 1.0

Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter.

4.3
2012-02-02 CVE-2010-4562 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.

4.3
2012-02-01 CVE-2012-0446 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

4.3
2012-02-02 CVE-2012-0448 Mozilla Improper Input Validation vulnerability in Mozilla Bugzilla

Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-02-05 CVE-2011-4872 HTC Information Exposure vulnerability in HTC products

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.

2.6
2012-02-02 CVE-2012-0976 Silverstripe Cross-Site Scripting vulnerability in Silverstripe 2.4.6

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter.

2.1
2012-02-01 CVE-2012-0450 Mozilla
Apple
Linux
Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.

2.1