|Paid content will be excluded from the download.
| Matches : 1058
|Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an <iframe> sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval.
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash.
Security researcher Christian Heimes reported that the RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16.
The host is missing a security update according to Apple advisory, APPLE-SA-2014-06-30-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
The host is missing a security update according to Adobe advisory, APSB14-04. The update is required to fix an integer underflow vulnerability. A flaw is present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to execute arbitrary code.
The host is missing a critical security update according to Adobe advisory, APSB14-13. The update is required to fix buffer overflow vulnerability. A flaw is present in the application, which fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploitation allows attackers to execute arbitrary code.
Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons within the visible window but does not otherwise affect customization or window content.
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. This issue was introduced in Firefox 29 and does not affect earlier versions.
Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API was introduced in Firefox 29 and this issue does not affect earlier versions.
Pages:      Start    89    90    91    92    93    94    95    96    97    98    99    100    101    102    ..   105
© 2013 SecPod Technologies