Richard Moore

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2 **Description** The issue is related to multiple buffer overflows in the gui/image/qbmphandler.cpp file within the QtBase module. This can be exploited by remote attackers using a crafted BMP image, potentially leading to a denial of service (segmentation fault and crash) and possibly allowing the execution of arbitrary code. **Recommendations** For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2 **Description** The issue is related to multiple buffer overflows in the gui/image/qgifhandler.cpp file within the QtBase module. This can be triggered by remote attackers using a crafted GIF image, potentially leading to a denial of service (segmentation fault) and possibly allowing the execution of arbitrary code. **Recommendations** For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2 **Description** The issue is related to multiple buffer overflows in the QtBase module, specifically in the qicohandler.cpp file, which handles ICO image formats. This can be exploited by remote attackers using a crafted ICO image, potentially leading to a denial of service (causing a segmentation fault and crash) and possibly allowing the execution of arbitrary code. **Recommendations** For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** cURL and libcurl versions prior to 7.36.0 **Description** The issue allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This is due to the incorrect validation of wildcard SSL certificates containing literal IP addresses by libcurl when using specific TLS libraries, including OpenSSL, axtls, qsossl, or gskit. According to the RFC 2818 requirements, wildcards should not be used with IP addresses to prevent man-in-the-middle attacks. However, libcurl fails to adhere to this rule under certain conditions, allowing a malicious server to participate in a MITM attack or fool users into believing it is a legitimate site. **Recommendations** For versions prior to 7.36.0, update to version 7.36.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of wildcard certificates or disabling the use of the vulnerable TLS libraries until a patch is available. Avoid using libcurl with the affected TLS libraries for sensitive operations until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Opera (affected versions not specified) Description: The issue allows web sites to set cookies for country-specific top-level domains that have DNS A records. This could enable remote attackers to perform a session fixation attack and hijack a user's HTTP session. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 0.9.2 through 2.x Description: The issue allows web sites to set cookies for country-specific top-level domains, which could enable remote attackers to perform a session fixation attack and hijack a user's HTTP session. Recommendations: For Mozilla Firefox versions 0.9.2 through 2.x, consider restricting the setting of cookies for country-specific top-level domains to minimize the risk of session fixation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.5.14 and 3.6.x prior to 3.6.11 Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5 SeaMonkey version prior to 2.0.9 **Description** The issue allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This is possible because the software recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For Mozilla Firefox versions prior to 3.5.14 and 3.6.x prior to 3.6.11, update to version 3.5.14 or 3.6.11 or later. For Thunderbird versions prior to 3.0.9 and 3.1.x prior to 3.1.5, update to version 3.0.9 or 3.1.5 or later. For SeaMonkey version prior to 2.0.9, update to version 2.0.9 or later. As a temporary workaround, consider disabling the use of wildcard IP addresses in the subject's Common Name field of X.509 certificates until a patch is available.