The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
- CentOS Linux 4
- Oracle Linux 4
- Red Hat Enterprise Linux 4