Packet Storm's last 100 added files. Last Updated: Thu Nov 20 15:30:34 EST 2008

[ return-to-libc-linux.txt ] acf1023db639cd181a4dceb740a63236 Brief whitepaper discussing return to LIBC exploitation on Linux.
[ stack-overflow-linux.txt ] 543012dabf952e42181c2d4cb8c71714 Brief whitepaper discussing stack overflow exploitation on Linux.
[ backlinkspider-sql.txt ] 4a61726e2c223e482fc8c834067d96b7 The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.
[ exodus-injection.txt ] c0c091b687a3e2eccfb4d3201993ab31 Exodus version 0.10 suffers from a URI handler arbitrary parameter injection vulnerability.
[ smallest_setuid_execve_sc.c ] 555182da9a4a0a07f261cc1b9a164f39 26 byte (the smallest) GNU/Linux x86 setuid/execve shellcode without NULLs.
[ wportfolio-upload.txt ] a6d0b79dc4160fd1a42267f9f46dbf37 wPortfolio versions 0.3 and below remote arbitrary file upload exploit.
[ boastmachine-sql.txt ] a68e3a773a51a05f93575744cf367a59 BoastMachine version 3.1 suffers from a remote SQL injection vulnerability.
[ SSRT080059.txt ] 95772fbd64f5296b53746839ca3c082f HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
[ punportal-lfi.txt ] c74197b9cc2ffa66839c60e8759a6b6a PunPortal PunBB module version 0.1 local file inclusion exploit.
[ prejobboard-sql.txt ] cce036725cb757bbdfeadad1f0e18b75 Pre Job Board suffers from a SQL injection vulnerability that allows for authentication bypass.
[ MDVSA-2008-220-1.txt ] d32925083aefe39798a9b266a8cf683e Mandriva Linux Security Advisory 2008-220-1 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The issues include insecure misconfigurations, an integer overflow, and more.
[ MDVSA-2008-232.txt ] 74d6e20e2de494366564f42bf606f8cb Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes.
[ USN-674-1.txt ] 40785ad48c0633533c0dbc0debeac5a5 Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.
[ dsa-1667-1.txt ] fdd93fd43d34cbb3a7fa480d18402fca Debian Security Advisory 1667-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
[ revsense-sql.txt ] 6aa053d65dd314b32171368e6bf84ae6 RevSense suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ maurycms-upload.txt ] 63cc458d0d8e69152b1c8c27b36a2bf7 MauryCMS versions 0.53.2 and below remote shell upload exploit.
[ linksautomation-sql.txt ] 0ff9ea758f37cbf93c812e824cb8af98 LinksAutomation Script suffers from a remote SQL injection vulnerability.
[ linksxs-sql.txt ] 165976435e2cf54668de8896135ccc8e Linksxs Script suffers from a remote SQL injection vulnerability.
[ ethiclinks-sql.txt ] 840182c3b5760545c2554f36f44507c5 Ethiclinks suffers from a remote SQL injection vulnerability.
[ easyeditcms-sql.txt ] ddd126108668940b95b0c3f58edc0366 Easyedit CMS suffers from multiple remote SQL injection vulnerabilities.
[ msvista-overflow.txt ] 8d9062372b98a602f3a22fe236506963 The Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable buffer overflow that corrupts kernel memory. Proof of concept test code included.
[ mytopix-sql.txt ] 8e0559a875dc85728184e0a26a62eb96 MyTopix versions 1.3.0 and below remote SQL injection exploit.
[ punbb-lfi.txt ] 4e17d4daf83b92da03922224ce17aa79 PunBB (Private Messaging System versions 1.2.x) multiple local file inclusion exploit.
[ PR08-09.txt ] 027955185dafd3359535c914e02f64fa An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager.
[ PR07-40.txt ] de90de2dfb7bb15c9207cdcfb1dc6b7e The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
[ PR07-11.txt ] 8a27d91e43fbb3bc2fb530f8741b2c77 Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.
[ secunia-streamripper.txt ] 2a667b6f5ea4090920bfdfceb7fa6c61 Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system. Version 1.63.5 is affected.
[ tonline-multi.txt ] 4f545cb45287d94079f395be11241a87 The T-Online software offered by Deutsche Telekom installs and includes the use of vulnerable DLLs.
[ sudoers-shellcode.txt ] 75ac9ea204450e8db590b8f578f55103 86 byte Linux/x86 shellcode that edits /etc/sudoers for full access.
[ pysumpas-0.2.0.tar.gz ] 9c1a5f0718d2f7566344fdd2ba118882 PySumpas is a simple, graphical password generating utility. Using the Python Cryptography Toolkit and Damien Miller's py-bcrypt, it generates a hash or cipher from user input. The resulting output, in part or entirety, can be used as a secure password.
[ alexarticle-upload.txt ] 8fa701b438aefcdc974a713bbb55d89a Alex Article-Engine version 1.3.0 suffers from a remote arbitrary file upload vulnerability.
[ alexnews-upload.txt ] 71f4fe9cb8a232d39997f21b36f87ebf Alex News-Engine version 1.5.1 suffers from a remote arbitrary file upload vulnerability.
[ framework-3.2.tar.gz ] d543bda031b36a247912aa9c6a0f74d9 The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
[ MDVSA-2008-231.txt ] 3c2bacdc0c614a94c24a9030e3f7f962 Mandriva Linux Security Advisory 2008-231 - Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to enter an infinite loop. The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to correct these issues.
[ USN-673-1.txt ] 64f6a2da847d9cc80f75dd91c5ce02f7 Ubuntu Security Notice USN-673-1 - Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service.
[ DSECRG-08-039.txt ] 75fd4e17221c2d6c784ac7ab1a410e8b Pluck CMS version 4.5.3 suffers from a local file inclusion vulnerability in data/inc/lib/pcltar.lib.php.
[ strongswan-4.2.9.tar.gz ] cf477bf5da424489e4d3cbff9c561eb7 strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
[ hodetector-shellcode.txt ] ec01d4ed393174d135c4ba3ee033f19e Ho' Detector is shellcode that detects sniffing on all interfaces in Linux by parsing /proc/net/packet.
[ directory-rfi.txt ] 7f8bed2e75d5eaeb1c1b72536868bae2 Free Directory Script version 1.1.1 suffers from a remote file inclusion vulnerability.
[ CESA-2008-009.html ] a5218b3dbe84d9457e5d725d2e5b90c9 Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability.
[ cups-dos.txt ] 1ef452ec2c616d611a578d9e2fb24e5e CUPS version 1.3.7 cross site request forgery remote crash exploit that makes use of the add RSS subscription functionality.
[ SSRT080164.txt ] af2cc68c5723cced78fc00d623c7ba29 HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
[ etopbizlinkback-insecure.txt ] 3d645ee9d2340964a69cb6cb2555b35a E-topbiz Link Back Checker 1 suffers from an insecure cookie handling vulnerability that allows for administrative take-over.
[ Vulnerability_Advisory_SSH.txt ] 16c645098b7071120522e483e24bd2dc A design flaw in the SSH specification allows an attacker with control over the network to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. The vulnerability has been verified against OpenSSH 4.7p1; other versions may also be susceptible.
[ musicbox238-sql.txt ] 0cfd65ddce5aa54f6ea1a290f20efd38 Musicbox versions 2.3.8 and below suffer from a remote SQL injection vulnerability. This was discovered in the last version and the vendor still has not fixed it.
[ noIPwn3r.c ] 94f7539a2f526191e3041ebd0c0eaa10 No-IP DUC versions 2.1.7 and below remote code execution exploit with reverse shell functionality.
[ USN-672-1.txt ] 157f26b3a109779716d5541904cd8ff7 Ubuntu Security Notice USN-672-1 - Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service.
[ USN-667-1.txt ] d2b66e3a70af631dd3be6f985f566dab Ubuntu Security Notice USN-667-1 - A large number of vulnerabilities have been addressed in Firefox. Flaws such as information disclosure, bypassing of same-origin checks, arbitrary code execution, and more exist in prior versions.
[ rtm-essential5.pdf ] 3c9e911783a5d2349ab31f835294d08d Road Technological Minds - Essential #5 - This issue covers fuzzing, remote file inclusion, Samurai Framework testing, and more. Written in Spanish.
[ videoscript-password.txt ] 120245d21bb302fad23e901c4a649add VideoScript versions 4.0.1.50 and below administrative password changing exploit.
[ MDVSA-2008-230.txt ] 19a0df874c10f5c60f644926fc593b96 Mandriva Linux Security Advisory 2008-230 - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4. This update provides the latest Mozilla Firefox 3.x to correct these issues.
[ MDVSA-2008-227-1.txt ] 40011f3af8744a4c252822a6224dcf76 Mandriva Linux Security Advisory 2008-227-1 - Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library into trusting invalid certificates. It was found that the previously-published patch to correct this issue caused a regression when dealing with self-signed certificates. An updated patch that fixes the security issue and resolves the regression has been applied to these packages.
[ dsa-1666-1.txt ] b6566c4621728573b9a9f1fc9877e566 Debian Security Advisory 1666-1 - Several vulnerabilities have been discovered in the GNOME XML library.
[ chilkat-create.txt ] 1f4383764c48b7133cf0de514e038cc2 Chilkat Socket Active-X control (ChilkatSocket.DLL) version 2.3.1.1 remote arbitrary file creation exploit.
[ jobsiteinet-sql.txt ] 24995a6391c630e455b40312c95dda7f Job Site Script Design by i-netsolution suffers from a remote SQL injection vulnerability.
[ jadugalaxies-sql.txt ] 09c80a4bae33498859e6e1fd0f8bed3c Jadu Galaxies suffers from a blind SQL injection vulnerability.
[ USN-671-1.txt ] 39c3cf301a96c689c184b762d83dedd8 Ubuntu Security Notice USN-671-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behavior by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service.
[ cnn-xss.txt ] 92c84de2d5d9b7b3c25913b34e95cdef CNN.com suffers from cross site scripting and content modification vulnerabilities.
[ simplecustomer12-sql.txt ] 0cb715cd07f5414f57f34f266f13d6d2 Simple Customer version 1.2 suffers from a SQL injection vulnerability that allows for authentication bypass.
[ opera962-overflow.txt ] 80f8e7302996a3a72243d95efb5201c1 Opera version 9.62 local heap overflow exploit that makes use of file://.
[ phpfan-rfi.txt ] f88cadb8524969ddedc732306f19b19c phpfan version 3.3.4 suffers from a remote file inclusion vulnerability in init.php.
[ waraxe-2008-SA068.txt ] a32d3fba6edf5eb6c77c2efe86bac6b6 vBulletin version 3.7.3pl1 suffers from a remote SQL injection vulnerability.
[ saturncms-sql.txt ] de9fc0673b993786fe3b287fc5ab7334 SaturnCMS suffers from a blind SQL injection vulnerability.
[ qshop-sqlxss.txt ] b65ee8bf3b67d192ba02b0b7effeee69 Q-Shop version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
[ waraxe-2008-SA069.txt ] 6a6a6537f95023581440583556df8516 vBulletin version 3.7.4 suffers from multiple remote SQL injection vulnerabilities.
[ ultrastats-sql.txt ] 40e45fb4ccd942e795867ab21af1fefa Ultrastats versions 0.3.11 and 0.2.144 suffer from a remote SQL injection vulnerability.
[ freezegreetings-password.txt ] 3b737fa72a1c2641246ee52f5e258dbb FREEze Greetings version 1.0 remote password retrieval exploit.
[ etopbizadmanager-sql.txt ] f3d7862cdc63ef260c436809c3b0034a E-topbiz AdManager version 4 suffers from a blind SQL injection vulnerability.
[ unixasm-1.3.0.tar.gz ] 4083bae1e65229922048b72f023ca139 A collection of shellcodes for various platforms such as bsd-x86, linux-x86, sco-x86, and solaris-x86. This project contains a set of assembly components for proof of concept codes on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements, such as system call invocation standards, position independent, register independent and zero free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest codes for such purpose available today.
[ openasp-sql.txt ] 687f8eab55264d06f66e60db27204a1d OpenASP versions 3.0 and below suffer from a blind SQL injection vulnerability.
[ mxcamarchive-download.txt ] 3fe2d1033df81e3874550376a7d31c7a mxCamArchive version 2.2 suffers from a configuration bypass download vulnerability.
[ wholesale-sql.txt ] 0af0942f525084a5e667204b5b3e5d75 phpstore Wholesale suffers from a remote SQL injection vulnerability in track.php.
[ tor.uclibc.i686.20081115.iso ] 0015f5a02035b2d7db95a0b246525c3e Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
[ RFIDIOt-Windows-0.1u.zip ] 46f4202f1a71013d74997a192006abc7 RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This is the Windows version.
[ RFIDIOt-0.1u.tgz ] 3cba8f89339663ead48af715023d9c82 RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
[ flosites-sql.txt ] 19c55fb85eeb952842a989a8dcbc9b48 FloSites Blog suffers from multiple remote SQL injection vulnerabilities.
[ glsa-200811-05.txt ] 8207fb94feefdc04cf3ecc1ec20920f1 Gentoo Linux Security Advisory GLSA 200811-05 - PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Versions less than 5.2.6-r6 are affected.
[ phpstoreyahoo-sql.txt ] 4c7fe32558c6cdd638e91187056abb4a The PHPStore Yahoo! Answers functionality suffers from a remote SQL injection vulnerability.
[ minigal-disclose.txt ] 04113ba88926e89f7273e8c1659f4424 MiniGal b13 remote file disclosure exploit that leverages index.php.
[ clipsharepro-sql.txt ] e9e11cada955197c7c1a04b29a203223 ClipShare Pro 2006 - 2007 suffers from a remote SQL injection vulnerability.
[ boutikone-xss.txt ] 13d680d9ff76ce4009f866643488a7e1 BoutikOne CMS suffers from a cross site scripting vulnerability.
[ gsrealestate-sql.txt ] 5ec0caf232a540900bac31f8a9d1774a GS Real Estate Portal suffers from multiple SQL injection vulnerabilities.
[ dps-v1.5.tar.gz ] c36bf435c9d408a3b3617f3dbfef97f5 Dynamic Port Scanner - The sole idea of the Dynamic Port Scanner (DPS) is to provide a reliable spoofed source IP port scanner. The spoofed source IP is dynamically generated at run time and it varies for every scan packet; every scan packet carries a random spoofed source IP. Traditionally, a port scan with a spoofed source IP has been considered unreliable because reply packets would not reach the scanning system. However, the technique used by DPS ensures the reliability of such a spoofed scan.
[ x7chat-sql.txt ] fcb9d1bf73a86b5ec0ba4607031f99b6 X7 Chat version 2.0.5 suffers from a SQL injection vulnerability that allows for authentication bypass.
[ textlinksales-sqlxss.txt ] 0f9b4ce0f51dca6431c191145636a653 turnkeyforms Text Link Sales suffers from cross site scripting and SQL injection vulnerabilities.
[ sudo-local.txt ] 26ffab57d0b621d877b892fec2020d3f sudo versions 1.6.9p18 and below local privilege escalation exploit.
[ ms08067-2k2k3.txt ] 38ad68544d42009d2d60dec19915df7a Microsoft Windows Server Service code execution exploit that takes advantage of the vulnerability listed in MS08-067.
[ verypdf-activex.txt ] 991d153bf1c0a388e1c4ed9f8cf0b515 VeryPDF PDFView OCX Active-X related OpenPDF heap overflow proof of concept exploit.
[ MDVSA-2008-229.txt ] a46725972b446a48446465b5b1f6837b Mandriva Linux Security Advisory - An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file. Other bugs have also been corrected in 0.94.1, which is being provided with this update.
[ bnd-networks.pdf ] ae77c5844f8b19b860990e00e42a7c9b This PDF document holds a single-page scan of an internally distributed mail from German telecommunications company T-Systems (Deutsche Telekom), revealing over two dozen secret IP address ranges in use by the German intelligence service Bundesnachrichtendienst (BND).
[ smbrelay3.zip ] d764203437eff48fca628ba178318bb7 SmbRelay3 is a proof of concept tool that is able to replay NTLM authentication from several protocols like SMB/HTTP/IMAP/etc.
[ TA08-319A.txt ] a83fdeda6a32e1a008c98fbd8ac6de73 Technical Cyber Security Alert TA08-319A - New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
[ PSA08-010.txt ] 2a35a98673bd56e5bf65fbff37539fdc Portcullis Security Advisory - An information disclosure vulnerability exists in the manner that Microsoft LDAP server responds when binding to the LDAP server. In the case when an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided.
[ PSA08-009.txt ] 1b7d691c337938227fedd8e13cfb47cd Portcullis Security Advisory - By sending crafted packets to ports on the Checkpoint VPN-1 which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets.
[ discuz-exec.txt ] e8d963d20334b2c8a9ef79cbdba000d8 Discuz! versions 6.x and 7.x remote code execution exploit.
[ PLSA-2008-71.txt ] 27aaa45d926a27a8397aab617e52a3fe Pardus Linux Security Advisory 2008-71 - ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.
[ PLSA-2008-70.txt ] 8fb670a8ebee5e9608715fcd9804fba7 Pardus Linux Security Advisory 2008-70 - A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error when validating the X.509 certificate chain and can be exploited to spoof arbitrary names, e.g. during a Man-in-the-Middle (MitM) attack.
[ bankoi-sql.txt ] 622c76881814de0635160fde80671cde Bankoi Webhost Panel version 1.20 suffers from a SQL injection vulnerability that allows for authentication bypass.
[ slimcms-sql.txt ] d65e3efa7a3591b0990cd3fde37597ea SlimCMS versions 1.0.0 and below remote SQL injection exploit that makes use of edit.php.
[ MDVSA-2008-228.txt ] 04ad2cf66bb646814b4b89a805925bf5 Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18.