[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250363

 
 

909

 
 

196124

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1814 Download | Alert*

Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data, or of memory addresses that could be used in combination with another bug.

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.

Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution.

Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. This leads to possible man-in-the-middle attacks if an attacker has control of the DNS connection a ...

Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an iframe , video will continue to be shared even if the user selects the Stop Sharing button in the controls. The camera will also remain on even if the user navigates to another site and will begin streaming ag ...

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe"s location object, as part of an alarm"s JSON data. This allows a malicious app to bypass same-origin policy.

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a canvas element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-11-17-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to execute remote code or obtain sensitive information.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-10-16-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to determine all the network addresses of the system or bypass a sandbox protection mechanism or execute arbitrary shell commands or ...

The host is missing a security update according to MFSA 2014-83. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.


Pages:      Start    61    62    63    64    65    66    67    68    69    70    71    72    73    74    ..   181

© SecPod Technologies