[Forgot Password]
Login  Register Subscribe

24547

 
 

132804

 
 

129694

 
 

909

 
 

106691

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 2182 Download | Alert*

The host is missing a critical security update according to APSB10-08. The update is required to fix Arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly validate requests involving web sites that are not in subdomains. Successful exploitation allows remote attackers to force the download and installation of arbitrary programs via a crafted name for ...

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software.Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow fla ...

Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by SystemOnly Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additional ...

Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.

Security researcher Paul Stone of <ahref="http://www.contextis.co.uk/">Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.

Mozilla community member Bob Owen reported that &lt;iframe sandbox&gt; restrictions are not applied to a frame element contained within a sandboxed iframe. As a result,content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

Bugzilla developer Fr&eacute;d&eacute;ric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection.

Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue . This can lead to unexpected behavior when privileged code acts on the incorrect values.

Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions when confusing the requesting page"s location for a hosting one"s.


Pages:      Start    5    6    7    8    9    10    11    12    13    14    15    16    17    18    ..   218

© SecPod Technologies