[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 2027 Download | Alert*

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software.Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow fla ...

Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by SystemOnly Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additional ...

Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.

Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.

Security researcher Paul Stone of <ahref="http://www.contextis.co.uk/">Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.

Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash.

Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue . This can lead to unexpected behavior when privileged code acts on the incorrect values.

The host is missing an critical security update according to Microsoft security bulletin, MS14-038. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted journal file. Successful exploitation allows attackers to execute an arbitrary program at the same integrity level as the current user.

The host is missing a critical security update according to Microsoft bulletin, MS14-037. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

The host is missing a moderate security update according to Microsoft security bulletin, MS14-042. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle incoming AMQP messages. Successful exploitation could allow attackers to crash the service.


Pages:      Start    150    151    152    153    154    155    156    157    158    159    160    161    162    163    ..   202

© SecPod Technologies