[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 1848 Download | Alert*

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems.

Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII format ...

Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an <iframe> sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval.

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable.

Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data, or of memory addresses that could be used in combination with another bug.

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.

Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution.

Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an <iframe> , video will continue to be shared even if the user selects the &quote;Stop Sharing" button in the controls. The camera will also remain on even if the user navigates to another site and will ...

The host is missing a critical security update according to Mozilla advisory, MFSA2016-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute remote code.

Pages:      Start    172    173    174    175    176    177    178    179    180    181    182    183    184    ..   184

© 2013 SecPod Technologies