[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

100123

 
 

909

 
 

80198

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 1596 Download | Alert*

The host is missing a security update according to Mozilla advisory, MFSA2014-91. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation allows attackers to bypass intended access restrictions.

The host is missing a security update according to MFSA 2014-83. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

The host is missing a security update according to MFSA 2014-84. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle an XBL binding. Successful exploitation allows attackers to bypass intended access restrictions.

The host is missing a security update according to MFSA 2014-85. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted JavaScript object. Successful exploitation allows attackers to cause a denial of service (application crash).

The host is missing a security update according to MFSA 2014-86. The update is required to fix an information disclosure vulnerability. A flaw is present in the path strings in CSP violation reports, which fail to handle a crafted a web site that receives a report after a redirect. Successful exploitation allows attackers to obtain sensitive information.

The host is missing a security update according to MFSA 2014-87. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a addition of a second root element to an HTML5 document during parsing. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a security update according to MFSA 2014-88. The update is required to fix a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted media content. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a security update according to MFSA 2014-89. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to render arbitrary content in these limited circumstances.

Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The target page may have a strict CSP that protects against this XSS attack, but if the attacker induces ...


Pages:      Start    133    134    135    136    137    138    139    140    141    142    143    144    145    146    ..   159

© 2013 SecPod Technologies