Mozilla Firefox/Thunderbird/SeaMonkey – XSLT Integer Overflow

Exploit Database
121 阅读

作者： Martin Barbella

日期： 2010-06-22
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/34192/

source: https://www.securityfocus.com/bid/41082/info

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in denial-of-service conditions.

These issues are fixed in:

Firefox 3.6.4
Firefox 3.5.10
Thunderbird 3.0.5
SeaMonkey 2.0.5

NOTE: This issue was previously covered in BID 41050 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32 Remote Vulnerabilities) but has been given its own record to better document it.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34192.zip

last Exploits
Mozilla Firefox/Thunderbird/SeaMonkey – XSLT Integer Overflow的更多信息

PHP 7.2 – ‘imagecolormatch()’ Out of Band Heap Write：
D-Link DCS-5605 Network Surveillance – ActiveX Control ‘DcsCliCtrl.dll’ lstrcpyW Remote Buffer Overflow：
Worldweaver DX Studio Player 3.0.29 – ‘shell.execute()’ Command Execution (Metasploit)：
Oracle Document Capture – Actbar2.ocx Insecure Method：
NTR – ActiveX Control ‘Check()’ Method Buffer Overflow (Metasploit)：
Adobe RoboHelp Server 8 – Arbitrary File Upload / Execution (Metasploit)：
tftp desktop 2.5 – Directory Traversal：
XtreamerPRO Media-player 2.6.0/2.7.0 – Multiple Vulnerabilities：