[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 1926 Download | Alert*

Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to unexpected script execution if the style-src directives were less restrictive than those for scripts.

Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash.

Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible.

Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to be potentially opened instead of only saved in some circumstances.

Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window handling by bypassing of some security checks.

The host is missing a security update according to Adobe advisory, APSB14-04. The update is required to fix an integer underflow vulnerability. A flaw is present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a important security update according to Microsoft bulletin, MS14-009. The update is required to fix multiple vulnerabilities. The flaws are present in microsoft graphic component, which fails to handle a crafted website. Successful exploitation allows remote attackers to bypass ASLR security and cause an ASP.NET server to stop responding to client requests.

The host is missing a security update according to Adobe advisory, APSB14-06. The update is required to fix memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle certain vectors related to memory. Successful exploitation allows attackers to cause a denial of service.


Pages:      Start    7    8    9    10    11    12    13    14    15    16    17    18    19    20    ..   192

© 2013 SecPod Technologies