Security researcher Alex Infuhr reported that on Firefox for Android it is possible to open links to local files from web content by selecting Open Link in New Tab from the context menu using the file: protocol. The web content would have to know the precise location of a malicious local file in order to exploit this issue. This issue does not affect Firefox on non-Android systems.
Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the webcam or microphone by masquerading as another site and gaining user permission through spoofing.
Mozilla developer David Keeler reported that the crypto.generateCRMFRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DoS) attack.
Security researcher Atte Kettunen from OUSPG reported an out-of-bounds read during the decoding of WAV format audio files for playback. This could allow web content to access heap data as well as cause a crash.
Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system.
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
The host is missing a high severity security update according to a Google advisory. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact.
The host is missing a high severity security update according to a Google advisory. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain vectors. Successful exploitation could allow attackers to cause a denial of service, possibly have other impact or conduct UXSS attacks.
The host is installed with Adobe Flash Player before 11.7.700.272 or 11.8.x through 12.0.x before 22.214.171.124 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to handle certain unspecified vectors. Successful exploitation allows attackers to bypass the Same Origin Policy and read the clipboard.
© 2013 SecPod Technologies