[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81309

 
 

123

 
 
Paid content will be excluded from the download.

Filter
Matches : 12018 Download | Alert*

The host is installed with ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome and is prone to multiple stack-based buffer overflow vulnerability. The flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to execute arbitrary code via a long property value.

The host is installed with Mozilla Firefox before 24.0 and is prone to a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle a symlink in conjunction with a file: URL for a local file. Successful exploitation could allow attackers to bypass the Same Origin Policy.

The host is installed with Mozilla Firefox before 24.0 and is prone to an untrusted search path vulnerability. A flaw is present in the application, which fails to handle Trojan horse .so file in a world-writable directory. Successful exploitation could allow attackers to execute arbitrary code.

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the Open Link in New Tab menu selection.

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.


Pages:      Start    1147    1148    1149    1150    1151    1152    1153    1154    1155    1156    1157    1158    1159    1160    ..   1201

© 2013 SecPod Technologies