![]() ![]() ![]() Use-after-free vulnerability in the nsRefreshDriver::Tick function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Seamonkey before 2.46 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. The nsImageGeometryMixin class in Seamonkey before 2.46 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. The PropertyProvider::GetSpacingInternal function in Seamonkey before 2.46 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. ![]() Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Seamonkey before 2.46 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. Updated Iceape packages derived from Seamonkey include security fixes from Mozilla Firefox: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |