[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252271

 
 

909

 
 

196835

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1819 Download | Alert*

Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping on affected platforms.

Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window handling by bypassing of some security checks.

Security researcher Fabiaacute;n Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an lt;iframegt; with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it quot;in-linequot; using Thunderbird"s HTML mail editor, it would run the attached script. The running script would be restricte ...

Security researcher Christian Heimes reported that the RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16.

Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable. This issue was addressed ...

The host is missing a security update according to Apple advisory, APPLE-SA-2015-01-27-4. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle crafted data. Successful exploitation allows attackers to execute arbitrary code or crash the service.

The host is missing an important security update according to, APPLE-SA-2011-03-21-1. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-30-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, disclose sensitive information or crash the service.

The host is missing a security update according to Apple advisory, APPLE-SA-2015-10-21-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, disclose sensitive information or crash the service.

The host is missing a security update according to Apple advisory, APPLE-SA-2017-01-23-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.


Pages:      Start    24    25    26    27    28    29    30    31    32    33    34    35    36    37    ..   181

© SecPod Technologies