Pavel Kankovsky

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 2.4 **Description** The issue is related to the Linux kernel's handling of IPv4 socket names. Specifically, the `net/ipv4/af inet.c` file does not properly clear the `sockaddr in.sin zero` field before returning socket names from certain functions. This can allow local users to access potentially sensitive memory contents. The affected functions include `getsockname`, `getpeername`, and `accept`. **Recommendations** For Linux kernel version 2.4, consider applying a patch that properly clears the `sockaddr in.sin zero` field in the `getsockname`, `getpeername`, and `accept` functions to prevent potential memory leaks.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.4 and 2.6 **Description** The issue is related to the Linux kernel's handling of IPv4 socket names. Specifically, it does not properly clear the `sockaddr in.sin zero` field before returning IPv4 socket names from the `getsockopt` function with `SO ORIGINAL DST`. This allows local users to potentially obtain portions of sensitive memory. **Recommendations** For Linux kernel version 2.4, update to a version where this issue is fixed. For Linux kernel version 2.6, update to a version where this issue is fixed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firefox version 1.0.3 Description: The issue allows remote attackers to execute arbitrary Javascript in other domains. This is achieved by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution. Recommendations: For Firefox version 1.0.3, update to a newer version to mitigate the risk.

Name of the Vulnerable Software and Affected Versions: Firefox version 1.0.3 Description: The issue allows remote web sites on the browser's whitelist to execute arbitrary Javascript with chrome privileges. This can lead to arbitrary code execution on the system when combined with other vulnerabilities. The exploitation can be demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. Recommendations: For Firefox version 1.0.3, consider restricting access to the `install` function until a patch is available. As a temporary workaround, avoid using the `javascript:` URL scheme for package icons to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** imlib versions 1.9.13 and earlier imlib versions 1.9.14 and earlier **Description** The issue involves multiple vulnerabilities in the imlib package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially allowing attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. **Recommendations** For imlib versions 1.9.13 and earlier, update to a version later than 1.9.13 to resolve the issue. For imlib versions 1.9.14 and earlier, update to a version later than 1.9.14 to resolve the issue. As a temporary workaround, consider restricting the use of image files from untrusted sources to minimize the risk of exploitation.