[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

126291

 
 

909

 
 

105100

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 1181 Download | Alert*

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash.

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potentially exploitable.

Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitrary code execution on these sites.

Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing ...

Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash.

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash.

The host is missing a critical security update according to Mozilla advisory, MFSA2015-11. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code.

The host is missing a moderate security update according to Mozilla advisory, MFSA2015-13. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key pinning (HPKP) and HTTP Strict Transport Security (HSTS).

The host is missing a moderate security update according to Mozilla advisory, MFSA2015-14. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. Successful exploitation could allow attackers to crash the service.


Pages:      Start    2    3    4    5    6    7    8    9    10    11    12    13    14    15    ..   118

© SecPod Technologies