Well, for all that it's worth, lulzsec is still a hell of a lot more interesting than these ZDI posts that spam (not really spam, etc., yes I know) this list without getting into any real details... not to mention the horrible business terminology throughout them... best of breed and nonsense I don't think a coder would've churned up.
#rantover

> ------------------------------
>
> Message: 16
> Date: Tue, 21 Jun 2011 16:21:37 +0000
> From: ZDI Disclosures <[email protected]>
> Subject: [Full-disclosure] ZDI-11-223: Mozilla Firefox
>     SVGPathSegList.replaceItem Remote Code Execution Vulnerability
> To: "'[email protected]'"
>     <[email protected]>, "'[email protected] '"
>     <[email protected]>
> Message-ID:
>     < af6e290b52139041bd6ca591212e455b5764706...@gvw0442exb.americas.hpqcorp.net>
>
> Content-Type: text/plain; charset="us-ascii"
>
> ZDI-11-223: Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
>
> http://www.zerodayinitiative.com/advisories/ZDI-11-223
>
> June 21, 2011
>
> -- CVE ID:
> CVE-2011-0083
>
> -- CVSS:
> 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
>
> -- Affected Vendors:
> Mozilla
>
> -- Affected Products:
> Mozilla Firefox
>
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 11214.
> For further product information on the TippingPoint IPS, visit:
>
> http://www.tippingpoint.com
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Mozilla Firefox. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the code responsible for parsing SVG
> path segment objects. The function nsSVGPathSegList::ReplaceItem() does
> not account for deletion of the segment object list within a user
> defined DOMAttrModified EventListener. Code within
> nsSVGPathSegList::ReplaceItem() references the segment list without
> verifying that it was not deleted in the aforementioned callback. This
> can be abused to create a dangling reference which can be leveraged to
> execute arbitrary code within the context of the browser.
>
> -- Vendor Response:
> Mozilla has issued an update to correct this vulnerability. More
> details can be found at:
>
> http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
>
> -- Disclosure Timeline:
> 2011-04-04 - Vulnerability reported to vendor
> 2011-06-21 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
> * regenrecht
>
> -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> http://www.zerodayinitiative.com
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> http://www.zerodayinitiative.com/advisories/disclosure_policy/
>
> Follow the ZDI on Twitter:
>
> http://twitter.com/thezdi
>
> ------------------------------
>
> Message: 17
> Date: Tue, 21 Jun 2011 16:25:23 +0000
> From: ZDI Disclosures <[email protected]>
> Subject: [Full-disclosure] ZDI-11-224: Mozilla Firefox
>     SVGPointList.appendItem Remote Code Execution Vulnerability
> To: "'[email protected]'"
>     <[email protected]>, "'[email protected] '"
>     <[email protected]>
> Message-ID:
>     < af6e290b52139041bd6ca591212e455b5764706...@gvw0442exb.americas.hpqcorp.net>
>
> Content-Type: text/plain; charset="us-ascii"
>
> ZDI-11-224: Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
>
> http://www.zerodayinitiative.com/advisories/ZDI-11-224
>
> June 21, 2011
>
> -- CVE ID:
> CVE-2011-2363
>
> -- CVSS:
> 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
>
> -- Affected Vendors:
> Mozilla
>
> -- Affected Products:
> Mozilla Firefox
>
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 11215.
> For further product information on the TippingPoint IPS, visit:
>
> http://www.tippingpoint.com
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Mozilla Firefox. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the code responsible for parsing SVG
> polygon objects. The code within nsSVGPointList::AppendElement() does
> not account for user defined getter methods modifying or destroying the
> parent object during a repaint. An attacker can abuse this flaw to
> create a dangling pointer which is referenced during the traversal of
> the SVG container hierarchy. This can be leveraged to execute arbitrary
> code within the context of the browser.
>
> -- Vendor Response:
> Mozilla has issued an update to correct this vulnerability. More
> details can be found at:
>
> http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
>
> -- Disclosure Timeline:
> 2011-04-06 - Vulnerability reported to vendor
> 2011-06-21 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
> * regenrecht
>
> ------------------------------
>
> Message: 18
> Date: Tue, 21 Jun 2011 16:28:38 +0000
> From: ZDI Disclosures <[email protected]>
> Subject: [Full-disclosure] ZDI-11-225: Mozilla Firefox
>     nsXULCommandDispatcher Remote Code Execution Vulnerability
> To: "'[email protected]'"
>     <[email protected]>, "'[email protected] '"
>     <[email protected]>
> Message-ID:
>     < af6e290b52139041bd6ca591212e455b5764706...@gvw0442exb.americas.hpqcorp.net>
>
> Content-Type: text/plain; charset="us-ascii"
>
> ZDI-11-225: Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
>
> http://www.zerodayinitiative.com/advisories/ZDI-11-225
>
> June 21, 2011
>
> -- CVE ID:
> CVE-2011-0085
>
> -- CVSS:
> 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
>
> -- Affected Vendors:
> Mozilla
>
> -- Affected Products:
> Mozilla Firefox
>
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 11404.
> For further product information on the TippingPoint IPS, visit:
>
> http://www.tippingpoint.com
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Firefox. User interaction is required to
> exploit this vulnerability in that the target must visit a malicious
> page or open a malicious file.
>
> The specific flaw exists within the nsXULCommandDispatcher.cpp source
> code. During a NS_XUL_COMMAND_UPDATE event dispatch, the user is able to
> force command dispatcher to remove all the updaters in the mUpdaters
> chain including the one that is currently in use. As a result, the local
> variable updater becomes a stale pointer and updater->mNext refers to
> memory previously freed. Successful exploitation can lead to code
> execution in the context of the browser.
>
> -- Vendor Response:
> Mozilla has issued an update to correct this vulnerability. More
> details can be found at:
>
> http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
>
> -- Disclosure Timeline:
> 2011-04-04 - Vulnerability reported to vendor
> 2011-06-21 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
> * regenrecht
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 76, Issue 39
> ***********************************************
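The third quoted advisory (ZDI-11-225) describes a dispatch loop whose current node is freed by a handler it invokes, so the next-pointer read touches freed memory. As an added example (not part of the original message, not Mozilla's code and not its actual fix), this simplified C++ model shows one way to make such a traversal safe against re-entrant removal; `Updater`, `Dispatcher`, `removeAll`, `dispatch` and `demo` are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Simplified model; all names are hypothetical, not Mozilla's code.
struct Updater {
    std::function<void()> onUpdate;   // stands in for a page-controlled handler
    bool live = true;                 // cleared when the node is unlinked
    std::shared_ptr<Updater> next;
};
class Dispatcher {
    std::shared_ptr<Updater> head_;
public:
    void add(std::function<void()> cb) {      // push to the front of the chain
        auto u = std::make_shared<Updater>();
        u->onUpdate = std::move(cb);
        u->next = head_;
        head_ = u;
    }
    void removeAll() {                        // reachable re-entrantly from a handler
        for (auto u = head_; u; u = u->next) u->live = false;
        head_.reset();
    }
    bool empty() const { return !head_; }
    // Unsafe shape from the advisory, shown only as a comment:
    //   for (Updater* u = head; u; u = u->next) u->onUpdate();
    // If onUpdate() frees the chain, reading u->next touches freed memory.
    // Hardened: hold strong references to every node before running any
    // handler, and skip nodes a handler has unlinked in the meantime.
    int dispatch() {
        std::vector<std::shared_ptr<Updater>> snapshot;
        for (auto u = head_; u; u = u->next) snapshot.push_back(u);
        int called = 0;
        for (const auto& u : snapshot)
            if (u->live) { u->onUpdate(); ++called; }
        return called;
    }
};

// Constructed scenario: the first handler run removes every updater.
int demo() {
    Dispatcher d;
    d.add([] {});
    d.add([] {});
    d.add([&d] { d.removeAll(); });   // added last, so it is the head
    return d.dispatch();
}
int main() { return demo() == 1 ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) and swapping in the commented raw-pointer loop is a quick way to confirm that the snapshot is what keeps the nodes alive.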
