Miaubiz

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue is related to an integer overflow in the FontData::Bound function in Google sfntly, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This can be achieved by providing a crafted offset or length value within font data in an SFNT container. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 43.0.2357.65 Opera versions prior to 43.0.2357.65 (affected versions not specified) **Description** The issue is related to the HarfBuzzShaper.cpp file in Blink, which does not initialize a certain width field. This allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. **Recommendations** For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 43.0.2357.65 Opera versions prior to 43.0.2357.65 **Description** The issue arises from the incorrect handling of insufficient values in an feColorMatrix filter within the SVG implementation in Blink. This allows remote attackers to cause a denial of service, potentially leading to a container overflow, or possibly having other unspecified impacts through a crafted document. **Recommendations** For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later. For Opera versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later. As a temporary workaround, consider disabling the use of feColorMatrix filters in SVG documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7.1.2 Apple Safari versions prior to 6.1.5 and 7.x prior to 7.0.5 Apple TV versions prior to 6.1.2 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is a different issue than other vulnerabilities listed in various Apple security updates. **Recommendations** For Apple iOS versions prior to 7.1.2, update to version 7.1.2 or later. For Apple Safari versions prior to 6.1.5, update to version 6.1.5 or later. For Apple Safari 7.x versions prior to 7.0.5, update to version 7.0.5 or later. For Apple TV versions prior to 6.1.2, update to version 6.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 34.0.1847.116 **Description** A use-after-free issue in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node. This issue can be exploited by adding a child node, which may lead to a denial of service or other unspecified effects on the system. **Recommendations** For Google Chrome versions prior to 34.0.1847.116, update to version 34.0.1847.116 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `RenderBlock::addChildIgnoringAnonymousColumnBlocks` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 31.0.1650.48 **Description** The issue is related to the SVG implementation in Blink. It allows remote attackers to cause a denial of service, specifically an out-of-bounds read, by leveraging the use of tree order rather than transitive dependency order for layout. **Recommendations** For versions prior to 31.0.1650.48, update to version 31.0.1650.48 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iOS versions prior to 7, update to version 7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 28.0.1500.71 Apple iTunes (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors in the SVG implementation. This is due to a problem in the core/rendering/svg/SVGInlineTextBox.cpp file. **Recommendations** For Google Chrome versions prior to 28.0.1500.71, update to version 28.0.1500.71 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 28.0.1500.71 Apple iTunes (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability that can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This is achieved through vectors related to the handling of input. **Recommendations** For Google Chrome versions prior to 28.0.1500.71, update to version 28.0.1500.71 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 27.0.1453.110 **Description** A use-after-free issue in the SVG implementation allows remote attackers to cause a denial of service or possibly have other unspecified impacts via unknown vectors. **Recommendations** For versions prior to 27.0.1453.110, update to version 27.0.1453.110 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, through vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 18.0 Firefox ESR versions prior to 17.0.2 Thunderbird versions prior to 17.0.2 Thunderbird ESR versions prior to 17.0.2 SeaMonkey versions prior to 2.15 **Description** A stack-based buffer overflow issue exists in the Canvas implementation, allowing remote attackers to execute arbitrary code via an HTML document with invalid width and height values. **Recommendations** For Mozilla Firefox versions prior to 18.0, update to version 18.0 or later. For Firefox ESR versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird versions prior to 17.0.2, update to version 17.0.2 or later. For Thunderbird ESR versions prior to 17.0.2, update to version 17.0.2 or later. For SeaMonkey versions prior to 2.15, update to version 2.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Firefox ESR versions prior to 10.0.11 Thunderbird versions prior to 17.0 Thunderbird ESR versions prior to 10.0.11 SeaMonkey versions prior to 2.14 **Description** A use-after-free issue allows remote attackers to execute arbitrary code via an HTML document. This issue affects Mac OS X systems. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For Thunderbird ESR versions prior to 10.0.11, update to version 10.0.11 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Firefox ESR versions prior to 10.0.11 Thunderbird versions prior to 17.0 Thunderbird ESR versions prior to 10.0.11 SeaMonkey versions prior to 2.14 **Description** The issue arises from the texImage2D implementation in the WebGL subsystem, which does not properly interact with Mesa drivers. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via function calls involving certain values of the `level` parameter. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For Thunderbird ESR versions prior to 10.0.11, update to version 10.0.11 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Thunderbird versions prior to 17.0 SeaMonkey versions prior to 2.14 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via large image dimensions in the copyTexImage2D implementation in the WebGL subsystem. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 17.0 Firefox ESR versions prior to 10.0.11 Thunderbird versions prior to 17.0 Thunderbird ESR versions prior to 10.0.11 SeaMonkey versions prior to 2.14 **Description** The issue is caused by an integer overflow in the WebGL subsystem, allowing remote attackers to execute arbitrary code or cause a denial of service via crafted data. This can result in an invalid write operation. **Recommendations** For Mozilla Firefox versions prior to 17.0, update to version 17.0 or later. For Firefox ESR versions prior to 10.0.11, update to version 10.0.11 or later. For Thunderbird versions prior to 17.0, update to version 17.0 or later. For Thunderbird ESR versions prior to 10.0.11, update to version 10.0.11 or later. For SeaMonkey versions prior to 2.14, update to version 2.14 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 22.0.1229.79 **Description** The issue is related to an integer overflow in the WebGL implementation, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. The attack vectors for this issue are unknown. **Recommendations** For versions prior to 22.0.1229.79, update to version 22.0.1229.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 21.0.1180.89 **Description** The issue is related to improper line breaking in crafted documents, allowing remote attackers to cause a denial of service through an out-of-bounds read. **Recommendations** For versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 21.0.1180.89 **Description** A race condition exists due to improper interaction between worker processes and an XMLHttpRequest object, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts. **Recommendations** For versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 21.0.1180.89 **Description** The issue is related to the handling of run-in elements, where an unspecified variable is not properly cast, allowing remote attackers to cause a denial of service or possibly have other unknown impacts via a crafted document. **Recommendations** For versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to resolve the issue.