[Forgot Password]
Login  Register Subscribe

24003

 
 

131486

 
 

106342

 
 

909

 
 

84712

 
 

134

 
 
Paid content will be excluded from the download.

Filter
Matches : 8889 Download | Alert*

Mozilla Firefox before 60.0 : A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the require.js library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictio ...

Mozilla Firefox before 60.0 : The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including javascript: links. If a JSON file contains malicious JavaScript script embedded as javascript: links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are acces ...

Mozilla Firefox before 60.0 : A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs.

Mozilla Firefox before 60.0 : A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack.

Mozilla Firefox before 60.0 : If a URL using the file: protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the noopener keyword.

Mozilla Firefox before 60.0 : If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL.

Mozilla Firefox before 60.0 : If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response.

The host is installed with Google Chrome before 66.0.3359.170 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

The host is installed with Google Chrome before 66.0.3359.170 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

The host is installed with Google Chrome before 66.0.3359.170 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   888

© 2013 SecPod Technologies