[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 1021 Download | Alert*

The host is missing a security update according to Adobe advisory, APSB14-04. The update is required to fix an integer underflow vulnerability. A flaw is present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a critical security update according to Adobe advisory, APSB14-13. The update is required to fix buffer overflow vulnerability. A flaw is present in the application, which fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploitation allows attackers to execute arbitrary code.

Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons within the visible window but does not otherwise affect customization or window content.

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. This issue was introduced in Firefox 29 and does not affect earlier versions.

Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API was introduced in Firefox 29 and this issue does not affect earlier versions.

The host is missing a critical security update according to Mozilla advisory, MFSA2016-96. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code or crash the service.

The host is missing a critical security update according to Mozilla advisory, MFSA2014-91. A flaw is present in the applications which fails to properly handle a Chrome Object Wrapper. Successful exploitation allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.

The host is missing a security update according to MFSA 2014-88. The update is required to fix a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted media content. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a security update according to MFSA 2014-89. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. This leads to possible man-in-the-middle attacks if an attacker has control of the DNS connection a ...


Pages:      Start    86    87    88    89    90    91    92    93    94    95    96    97    98    99    ..   102

© 2013 SecPod Technologies