CVE-2009-1305 (firefox, seamonkey, thunderbird) The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1305
Posts Tagged ‘Java’
CVE-2009-1304 (firefox, seamonkey, thunderbird)
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1304
Oracle buys Sun
Sun Microsystems will be acquired by Oracle in a deal valued at $7.4 billion, the company announced today. With the acquisition, Oracle gets the popular Java programming language, as well as the Solaris operating system, which has been a major platform for the Oracle database. The deal comes only two weeks after [...]
Forget your password? Use your phone
FireID was set to announce at RSA 2009 on Monday technology that allows people to access multiple Web sites on their mobile phone without having to remember all the passwords. The FireID universal personal authenticator app turns any phone that runs Java into a one-time password generator and generates [...]
POC – Sun Java System Access Manager & Identity Manager Users Enumeration
POC – Sun Java System Access Manager & Identity Manager Users Enumeration
Posted by Marco Mella on Apr 7 ============================================================ Sun Java System Access Manager & Identity Manager Users Enumeration ============================================================ Affected Software: Sun Java System Access Server, OpenSSO … URL: http://seclists.org/fulldisclosure/2009/Apr/0057.html
Advanced JavaScript obfuscation (or why signature scanning is a failure), (Tue, Apr 7th)
A couple of days ago one of our readers, Mike, submitted a URL to another heavily obfuscated JavaScript. It appeared very interesting so I decided to spend some time figuring out how it works. While it was not groundbreaking, the attackers did [...]
Hulu tries HTML encoding trick to protect streaming content
Hulu has apparently taken steps to thwart nontraditional browsers from accessing its video content by using JavaScript to encode and decode HTML sent to the browser. The move is clearly an attempt to prevent third parties from displaying the site’s video streams outside of approved Web browsers, [...]
SAP BusinessObjects Crystal Reports viewreport.asp Multiple Parameter XSS
Posted by Bugs NotHugs on Apr 2 – SAP BusinessObjects Crystal Reports viewreport.asp Multiple Parameter XSS – Description Cross-site scripting; vbscript rather than javascript. Subsequent page will contain pop up reading "fsck_cissp". ID, PROMPTEX-SESSION_ID, PROMPTEX-TO_DATE, PROMPTEX-FROM_DATE,… URL: http://seclists.org/fulldisclosure/2009/Apr/0011.html
Internet Explorer 8.1 Eagle Eyes Leaked
Smashing Magazine tries to be at the forefront of new and exciting developments in the wide world of the web. You might have heard that we met with the IE 8 Chief Strategist in the past, so it should come as no surprise that we like to keep up [...]
CVE-2009-1219 (java_system_access_manager, java_system_calendar_server, one_calendar_server)
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1219
Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
Vuln: Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability URL: http://www.securityfocus.com/bid/17981
CVE-2007-6721 (bouncy-castle-crypto-package, legion-of-the-bouncy-castle-java-crytography-api)
The Legion of the Bouncy Castle Java Cryptography API before release 1.38 (aka 2.5.2), as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to “a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.” URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6721
Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability
iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability
Sun Java Web Start (JWS) PNG Decoding Integer Overflow Vulnerability
iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS) PNG Decoding Integer Overflow Vulnerability