| nessus
via4
|
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201405-13.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201405-13
(Pango: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Pango. Please review
the CVE identifiers referenced below for details.
Impact :
A context-dependent attacker could entice a user to load specially
crafted text using an application linked against Pango, possibly
resulting in execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2015-04-13 | | plugin id | 74056 | | published | 2014-05-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74056 | | title | GLSA-201405-13 : Pango: Multiple vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_PANGO-6801.NASL | | description | A long glyph string can trigger a heap-based buffer overflow in pango.
(CVE-2009-1194) | | last seen | 2018-09-02 | | modified | 2012-06-14 | | plugin id | 44593 | | published | 2010-02-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44593 | | title | SuSE 10 Security Update : pango (ZYPP Patch Number 6801) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_4B1722783F4611DEBECB001CC0377035.NASL | | description | oCERT reports :
Pango suffers from a multiplicative integer overflow which may lead to
a potentially exploitable, heap overflow depending on the calling
conditions.
For example, this vulnerability is remotely reachable in Firefox by
creating an overly large document.location value but only results in a
process-terminating, allocation error (denial of service).
The affected function is pango_glyph_string_set_size. An overflow
check when doubling the size neglects the overflow possible on the
subsequent allocation. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 38751 | | published | 2009-05-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=38751 | | title | FreeBSD : pango -- integer overflow (4b172278-3f46-11de-becb-001cc0377035) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2009-0476.NASL | | description | From Red Hat Security Advisory 2009:0476 :
Updated pango and evolution28-pango packages that fix an integer
overflow flaw are now available for Red Hat Enterprise Linux 3, 4, and
5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Pango is a library used for the layout and rendering of
internationalized text.
Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass
an arbitrarily long string to Pango, it may be possible to execute
arbitrary code with the permissions of the application calling Pango.
(CVE-2009-1194)
pango and evolution28-pango users are advised to upgrade to these
updated packages, which contain a backported patch to resolve this
issue. After installing this update, you must restart your system or
restart the X server for the update to take effect. Note: Restarting
the X server closes all open applications and logs you out of your
session. | | last seen | 2019-01-16 | | modified | 2018-07-18 | | plugin id | 67856 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67856 | | title | Oracle Linux 3 / 4 / 5 : pango (ELSA-2009-0476) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2009-0476.NASL | | description | Updated pango and evolution28-pango packages that fix an integer
overflow flaw are now available for Red Hat Enterprise Linux 3, 4, and
5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Pango is a library used for the layout and rendering of
internationalized text.
Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass
an arbitrarily long string to Pango, it may be possible to execute
arbitrary code with the permissions of the application calling Pango.
(CVE-2009-1194)
pango and evolution28-pango users are advised to upgrade to these
updated packages, which contain a backported patch to resolve this
issue. After installing this update, you must restart your system or
restart the X server for the update to take effect. Note: Restarting
the X server closes all open applications and logs you out of your
session. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 38721 | | published | 2009-05-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=38721 | | title | CentOS 3 / 4 / 5 : pango (CESA-2009:0476) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_PANGO-100127.NASL | | description | A long glyph string can trigger a heap-based buffer overflow in pango.
(CVE-2009-1194) | | last seen | 2018-09-02 | | modified | 2013-10-25 | | plugin id | 44592 | | published | 2010-02-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44592 | | title | SuSE 11 Security Update : pango (SAT Patch Number 1880) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_PANGO-6800.NASL | | description | A long glyph string can trigger a heap-based buffer overflow in pango.
(CVE-2009-1194) | | last seen | 2018-09-01 | | modified | 2012-06-14 | | plugin id | 49911 | | published | 2010-10-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=49911 | | title | SuSE 10 Security Update : pango (ZYPP Patch Number 6800) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20090508_PANGO_ON_SL3_X.NASL | | description | Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass
an arbitrarily long string to Pango, it may be possible to execute
arbitrary code with the permissions of the application calling Pango.
(CVE-2009-1194)
After installing this update, you must restart your system or restart
the X server for the update to take effect. Note: Restarting the X
server closes all open applications and logs you out of your session. | | last seen | 2019-01-16 | | modified | 2019-01-02 | | plugin id | 60582 | | published | 2012-08-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=60582 | | title | Scientific Linux Security Update : pango on SL3.x, SL4.x, SL5.x i386/x86_64 |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2009-158.NASL | | description | Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.
This update corrects the issue.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers | | last seen | 2019-01-16 | | modified | 2018-07-19 | | plugin id | 40359 | | published | 2009-07-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=40359 | | title | Mandriva Linux Security Advisory : pango (MDVSA-2009:158-3) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-773-1.NASL | | description | Will Drewry discovered that Pango incorrectly handled rendering text
with long glyphstrings. If a user were tricked into displaying
specially crafted data with applications linked against Pango, such as
Firefox, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-28 | | plugin id | 38716 | | published | 2009-05-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=38716 | | title | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : pango1.0 vulnerability (USN-773-1) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_MOZILLAFIREFOX-6379.NASL | | description | The MozillaFirefox 3.0.12 release fixes various bugs and some critical
security issues.
MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 /
CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community
members identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products. Some of these
crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter
reported that when a page contains a Flash object which presents a
slow script dialog, and the page is navigated while the dialog is
still visible to the user, the Flash plugin is unloaded resulting in a
crash due to a call to the deleted object. This crash could
potentially be used by an attacker to run arbitrary code on a victim's
computer.
MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry
reported a series of heap and integer overflow vulnerabilities which
independently affected multiple font glyph rendering libraries. On
Linux platforms libpango was susceptible to the vulnerabilities while
on OS X CoreGraphics was similarly vulnerable. An attacker could
trigger these overflows by constructing a very large text run for the
browser to display. Such an overflow can result in a crash which the
attacker could potentially use to run arbitrary code on a victim's
computer. The open-source nature of Linux meant that Mozilla was able
to work with the libpango maintainers to implement the correct fix in
version 1.24 of that system library which was distributed with OS
security updates. On Mac OS X Firefox works around the CoreGraphics
flaw by limiting the length of text runs passed to the system.
MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a
crash involving a SVG element on which a watch function and
__defineSetter__ function have been set for a particular property. The
crash showed evidence of memory corruption and could potentially be
used by an attacker to run arbitrary code on a victim's computer.
MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported
that setTimeout, when called with certain object parameters which
should be protected with a XPCNativeWrapper, will fail to keep the
object wrapped when compiling the new function to be executed. If
chrome privileged code were to call setTimeout using this as an
argument, the this object will lose its wrapper and could be unsafely
accessed by chrome code. An attacker could use such vulnerable code to
run arbitrary JavaScript with chrome privileges.
MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4
reported a series of vulnerabilities in which objects that normally
receive a XPCCrossOriginWrapper are constructed without the wrapper.
This can lead to cases where JavaScript from one website may unsafely
access properties of such an object which had been set by a different
website. A malicious website could use this vulnerability to launch a
XSS attack and run arbitrary JavaScript within the context of another
site. | | last seen | 2019-01-16 | | modified | 2016-12-22 | | plugin id | 41983 | | published | 2009-10-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=41983 | | title | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6379) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2009-1162.NASL | | description | Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465,
CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
Several flaws were found in the way Firefox handles malformed
JavaScript code. A website containing malicious content could launch a
cross-site scripting (XSS) attack or execute arbitrary JavaScript with
the permissions of another website. (CVE-2009-2472)
For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 3.0.12. You can find a link to the
Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which
contain Firefox version 3.0.12, which corrects these issues. After
installing the update, Firefox must be restarted for the changes to
take effect. | | last seen | 2019-01-16 | | modified | 2018-12-20 | | plugin id | 40340 | | published | 2009-07-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=40340 | | title | RHEL 4 / 5 : firefox (RHSA-2009:1162) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_0_PANGO-100119.NASL | | description | Long glyph string could trigger a heap-based buffer overflow in pango
(CVE-2009-1194). | | last seen | 2019-01-16 | | modified | 2014-06-13 | | plugin id | 44609 | | published | 2010-02-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44609 | | title | openSUSE Security Update : pango (pango-1829) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_0_MOZILLAFIREFOX-090724.NASL | | description | The MozillaFirefox 3.0.12 release fixes various bugs and some critical
security issues.
MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 /
CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community
members identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products. Some of these
crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter
reported that when a page contains a Flash object which presents a
slow script dialog, and the page is navigated while the dialog is
still visible to the user, the Flash plugin is unloaded resulting in a
crash due to a call to the deleted object. This crash could
potentially be used by an attacker to run arbitrary code on a victim's
computer.
MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry
reported a series of heap and integer overflow vulnerabilities which
independently affected multiple font glyph rendering libraries. On
Linux platforms libpango was susceptible to the vulnerabilities while
on OS X CoreGraphics was similarly vulnerable. An attacker could
trigger these overflows by constructing a very large text run for the
browser to display. Such an overflow can result in a crash which the
attacker could potentially use to run arbitrary code on a victim's
computer. The open-source nature of Linux meant that Mozilla was able
to work with the libpango maintainers to implement the correct fix in
version 1.24 of that system library which was distributed with OS
security updates. On Mac OS X Firefox works around the CoreGraphics
flaw by limiting the length of text runs passed to the system.
MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a
crash involving a SVG element on which a watch function and
__defineSetter__ function have been set for a particular property. The
crash showed evidence of memory corruption and could potentially be
used by an attacker to run arbitrary code on a victim's computer.
MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported
that setTimeout, when called with certain object parameters which
should be protected with a XPCNativeWrapper, will fail to keep the
object wrapped when compiling the new function to be executed. If
chrome privileged code were to call setTimeout using this as an
argument, the this object will lose its wrapper and could be unsafely
accessed by chrome code. An attacker could use such vulnerable code to
run arbitrary JavaScript with chrome privileges.
MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4
reported a series of vulnerabilities in which objects that normally
receive a XPCCrossOriginWrapper are constructed without the wrapper.
This can lead to cases where JavaScript from one website may unsafely
access properties of such an object which had been set by a different
website. A malicious website could use this vulnerability to launch a
XSS attack and run arbitrary JavaScript within the context of another
site. | | last seen | 2019-01-16 | | modified | 2016-12-21 | | plugin id | 40403 | | published | 2009-07-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=40403 | | title | openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2009-1162.NASL | | description | Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465,
CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
Several flaws were found in the way Firefox handles malformed
JavaScript code. A website containing malicious content could launch a
cross-site scripting (XSS) attack or execute arbitrary JavaScript with
the permissions of another website. (CVE-2009-2472)
For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 3.0.12. You can find a link to the
Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which
contain Firefox version 3.0.12, which corrects these issues. After
installing the update, Firefox must be restarted for the changes to
take effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 43769 | | published | 2010-01-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=43769 | | title | CentOS 5 : firefox (CESA-2009:1162) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2009-0476.NASL | | description | Updated pango and evolution28-pango packages that fix an integer
overflow flaw are now available for Red Hat Enterprise Linux 3, 4, and
5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Pango is a library used for the layout and rendering of
internationalized text.
Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass
an arbitrarily long string to Pango, it may be possible to execute
arbitrary code with the permissions of the application calling Pango.
(CVE-2009-1194)
pango and evolution28-pango users are advised to upgrade to these
updated packages, which contain a backported patch to resolve this
issue. After installing this update, you must restart your system or
restart the X server for the update to take effect. Note: Restarting
the X server closes all open applications and logs you out of your
session. | | last seen | 2019-01-16 | | modified | 2018-11-27 | | plugin id | 38732 | | published | 2009-05-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=38732 | | title | RHEL 3 / 4 / 5 : pango (RHSA-2009:0476) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_1_MOZILLAFIREFOX-090724.NASL | | description | The MozillaFirefox 3.0.12 release fixes various bugs and some critical
security issues.
MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 /
CVE-2009-2465 / CVE-2009-2466: Mozilla developers and community
members identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products. Some of these
crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.
MFSA 2009-35 / CVE-2009-2467: Security researcher Attila Suszter
reported that when a page contains a Flash object which presents a
slow script dialog, and the page is navigated while the dialog is
still visible to the user, the Flash plugin is unloaded resulting in a
crash due to a call to the deleted object. This crash could
potentially be used by an attacker to run arbitrary code on a victim's
computer.
MFSA 2009-36 / CVE-2009-1194: oCERT security researcher Will Drewry
reported a series of heap and integer overflow vulnerabilities which
independently affected multiple font glyph rendering libraries. On
Linux platforms libpango was susceptible to the vulnerabilities while
on OS X CoreGraphics was similarly vulnerable. An attacker could
trigger these overflows by constructing a very large text run for the
browser to display. Such an overflow can result in a crash which the
attacker could potentially use to run arbitrary code on a victim's
computer. The open-source nature of Linux meant that Mozilla was able
to work with the libpango maintainers to implement the correct fix in
version 1.24 of that system library which was distributed with OS
security updates. On Mac OS X Firefox works around the CoreGraphics
flaw by limiting the length of text runs passed to the system.
MFSA 2009-37 / CVE-2009-2469: Security researcher PenPal reported a
crash involving a SVG element on which a watch function and
__defineSetter__ function have been set for a particular property. The
crash showed evidence of memory corruption and could potentially be
used by an attacker to run arbitrary code on a victim's computer.
MFSA 2009-39 / CVE-2009-2471: Mozilla developer Blake Kaplan reported
that setTimeout, when called with certain object parameters which
should be protected with a XPCNativeWrapper, will fail to keep the
object wrapped when compiling the new function to be executed. If
chrome privileged code were to call setTimeout using this as an
argument, the this object will lose its wrapper and could be unsafely
accessed by chrome code. An attacker could use such vulnerable code to
run arbitrary JavaScript with chrome privileges.
MFSA 2009-40 / CVE-2009-2472: Mozilla security researcher moz_bug_r_a4
reported a series of vulnerabilities in which objects that normally
receive a XPCCrossOriginWrapper are constructed without the wrapper.
This can lead to cases where JavaScript from one website may unsafely
access properties of such an object which had been set by a different
website. A malicious website could use this vulnerability to launch a
XSS attack and run arbitrary JavaScript within the context of another
site. | | last seen | 2019-01-16 | | modified | 2016-12-21 | | plugin id | 40404 | | published | 2009-07-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=40404 | | title | openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE9_12575.NASL | | description | A long glyph string can trigger a heap-based buffer overflow in pango.
(CVE-2009-1194) | | last seen | 2018-09-02 | | modified | 2012-06-14 | | plugin id | 44591 | | published | 2010-02-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44591 | | title | SuSE9 Security Update : pango (YOU Patch Number 12575) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_1_PANGO-100119.NASL | | description | Long glyph string could trigger a heap-based buffer overflow in pango
(CVE-2009-1194). | | last seen | 2019-01-16 | | modified | 2014-06-13 | | plugin id | 44614 | | published | 2010-02-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=44614 | | title | openSUSE Security Update : pango (pango-1829) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_MOZILLAFIREFOX-090724.NASL | | description | The Mozilla Firefox 3.0.12 release fixes various bugs and some
critical security issues.
- Mozilla developers and community members identified and
fixed several stability bugs in the browser engine used
in Firefox and other Mozilla-based products. Some of
these crashes showed evidence of memory corruption under
certain circumstances and we presume that with enough
effort at least some of these could be exploited to run
arbitrary code. (MFSA 2009-34 / CVE-2009-2462 /
CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 /
CVE-2009-2466)
- Security researcher Attila Suszter reported that when a
page contains a Flash object which presents a slow
script dialog, and the page is navigated while the
dialog is still visible to the user, the Flash plugin is
unloaded resulting in a crash due to a call to the
deleted object. This crash could potentially be used by
an attacker to run arbitrary code on a victim's
computer. (MFSA 2009-35 / CVE-2009-2467)
- oCERT security researcher Will Drewry reported a series
of heap and integer overflow vulnerabilities which
independently affected multiple font glyph rendering
libraries. On Linux platforms libpango was susceptible
to the vulnerabilities while on OS X CoreGraphics was
similarly vulnerable. An attacker could trigger these
overflows by constructing a very large text run for the
browser to display. Such an overflow can result in a
crash which the attacker could potentially use to run
arbitrary code on a victim's computer. The open source
nature of Linux meant that Mozilla was able to work with
the libpango maintainers to implement the correct fix in
version 1.24 of that system library which was
distributed with OS security updates. On Mac OS X
Firefox works around the CoreGraphics flaw by limiting
the length of text runs passed to the system. (MFSA
2009-36 / CVE-2009-1194)
- Security researcher PenPal reported a crash involving a
SVG element on which a watch function and
__defineSetter__ function have been set for a particular
property. The crash showed evidence of memory corruption
and could potentially be used by an attacker to run
arbitrary code on a victim's computer. (MFSA 2009-37 /
CVE-2009-2469)
- Mozilla developer Blake Kaplan reported that setTimeout,
when called with certain object parameters which should
be protected with a XPCNativeWrapper, will fail to keep
the object wrapped when compiling the new function to be
executed. If chrome privileged code were to call
setTimeout using this as an argument, the this object
will lose its wrapper and could be unsafely accessed by
chrome code. An attacker could use such vulnerable code
to run arbitrary JavaScript with chrome privileges.
(MFSA 2009-39 / CVE-2009-2471)
- Mozilla security researcher moz_bug_r_a4 reported a
series of vulnerabilities in which objects that normally
receive a XPCCrossOriginWrapper are constructed without
the wrapper. This can lead to cases where JavaScript
from one website may unsafely access properties of such
an object which had been set by a different website. A
malicious website could use this vulnerability to launch
a XSS attack and run arbitrary JavaScript within the
context of another site. (MFSA 2009-40 / CVE-2009-2472) | | last seen | 2019-01-16 | | modified | 2016-12-21 | | plugin id | 41357 | | published | 2009-09-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=41357 | | title | SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1134) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_FIREFOX3-PANGO-7097.NASL | | description | Long glyph string could trigger a heap-based buffer overflow in pango.
(CVE-2009-1194) | | last seen | 2018-09-02 | | modified | 2012-06-14 | | plugin id | 50080 | | published | 2010-10-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=50080 | | title | SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7097) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_PANGO-090428.NASL | | description | This update of pango fixes a segfault in libpango that can be
triggered by visiting websites. (CVE-2009-1194) | | last seen | 2019-01-16 | | modified | 2014-04-03 | | plugin id | 41447 | | published | 2009-09-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=41447 | | title | SuSE 11 Security Update : pango (SAT Patch Number 825) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2009-1162.NASL | | description | From Red Hat Security Advisory 2009:1162 :
Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465,
CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)
Several flaws were found in the way Firefox handles malformed
JavaScript code. A website containing malicious content could launch a
cross-site scripting (XSS) attack or execute arbitrary JavaScript with
the permissions of another website. (CVE-2009-2472)
For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 3.0.12. You can find a link to the
Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which
contain Firefox version 3.0.12, which corrects these issues. After
installing the update, Firefox must be restarted for the changes to
take effect. | | last seen | 2019-01-16 | | modified | 2018-08-13 | | plugin id | 67893 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67893 | | title | Oracle Linux 4 / 5 : firefox (ELSA-2009-1162) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_1_PANGO-090512.NASL | | description | This update of pango fixes a segfault in libpango that can be
triggered by visiting websites. (CVE-2009-1194) | | last seen | 2019-01-16 | | modified | 2014-06-13 | | plugin id | 40294 | | published | 2009-07-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=40294 | | title | openSUSE Security Update : pango (pango-824) |
| NASL family | Windows | | NASL id | MOZILLA_FIREFOX_3012.NASL | | description | The installed version of Firefox is earlier than 3.0.12. Such versions
are potentially affected by the following security issues :
- Multiple memory corruption vulnerabilities could
potentially be exploited to execute arbitrary code.
(MFSA 2009-34)
- It may be possible to crash the browser or potentially
execute arbitrary code by using a flash object that
presents a slow script dialog. (MFSA 2009-35)
- Glyph rendering libraries are affected by multiple heap/
integer overflows. (MFSA 2009-36)
- A vulnerability involving SVG element could be exploited
to crash the browser or execute arbitrary code on the
remote system. (MFSA 2009-37)
- A SOCKS5 proxy that replies with a hostname containing
more than 15 characters can corrupt the subsequent
data stream. This can lead to a denial of service,
though there is reportedly no memory corruption.
(MFSA 2009-38)
- A vulnerability in 'setTimeout' could allow unsafe
access to the 'this' object from chrome code. An
attacker could exploit this flaw to run arbitrary
JavaScript with chrome privileges. (MFSA 2009-39)
- It may be possible for JavaScript from one website
to bypass cross origin wrapper, and unsafely access
properties of an object from another website.
(MFSA 2009-40) | | last seen | 2019-01-16 | | modified | 2018-07-16 | | plugin id | 40351 | | published | 2009-07-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=40351 | | title | Firefox < 3.0.12 Multiple Vulnerabilities |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-1798.NASL | | description | Will Drewry discovered that pango, a system for layout and rendering
of internationalized text, is prone to an integer overflow via long
glyphstrings. This could cause the execution of arbitrary code when
displaying crafted data through an application using the pango
library. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 38725 | | published | 2009-05-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=38725 | | title | Debian DSA-1798-1 : pango1.0 - integer overflow |
|
