|Paid content will be excluded from the download.
| Matches : 777
|The host is installed with Adobe Flash Player before 11.7.700.272 or 11.8.x through 12.0.x before 188.8.131.52 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to handle certain unspecified vectors. Successful exploitation allows attackers to bypass the Same Origin Policy and read the clipboard.
The host is missing a security update according to Apple advisory, APPLE-SA-2008-06-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted file. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
The host is installed with Apple Safari before 3.1.1 and is prone to a phishing attacks vulnerability. A flaw is present in the application, which fails to properly handle a timing issue. Successful exploitation allows remote attackers to spoof the contents of a legitimate site.
The host is installed with Apple Safari before 3.1 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted certificates. Successful exploitation allows remote attackers to spoof trusted SSL certificates.
The host is missing a security update according to Adobe advisory, APSB08-04. A flaw is present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to execute arbitrary code.
Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances.
Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The target page may have a strict CSP that protects against this XSS attack, but if the attacker induces ...
Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default configuration and would require a malicious extension to be installed.
Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable.
Pages:      Start    60    61    62    63    64    65    66    67    68    69    70    71    72    73    ..   77
© 2013 SecPod Technologies