[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77982

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 1020 Download | Alert*

Mozilla security developer Daniel Veditz discovered that <iframe sandbox> restrictions are not applied to an <object> element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use <object> element to bypass the sandbox restrictions that should be applied.

The host is missing a critical security update according to Mozilla advisory, MFSA2016-94. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, bypass security or crash the service.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-02-25-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

The host is missing a security update according to MFSA 2014-90. The update is required to fix an information disclosure vulnerability. A flaw is present in the OS X 10.10 (Yosemite), in which logging was turned on by default for some applications that use a custom memory allocator. Successful exploitation allows attackers to obtain sensitive information such as usernames, passwords and other inpu ...

The host is missing a critical security update according to Mozilla advisory, MFSA2016-93. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to execute remote code or cause memory corruption.

The host is missing a security update according to Apple advisory, APPLE-SA-2015-01-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to execute arbitrary code or crash the service.

The host is missing a critical security update according to Mozilla advisory, MFSA2016-91. The update is required to fix a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring site's origin to the data: URL in some circumstances. Successful exploitation can result in same-ori ...

Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly leading to successful phishing attacks.

Security researcher Alex Infuhr reported that on Firefox for Android it is possible to open links to local files from web content by selecting Open Link in New Tab from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems.

Firefox for Android includes a Crash Reporter which sends crash data to Mozilla for analysis. Security researcher Roee Hay reported that third party Android applications could launch the crash reporter with their own arguments. Normally applications cannot read the private files of another application, but this vulnerability allowed a malicious application to specify a local file in the Firefox p ...


Pages:      Start    89    90    91    92    93    94    95    96    97    98    99    100    101    ..   101

© 2013 SecPod Technologies