
Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have been changed as part of general security improvements.

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can be triggered by web content.

Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to explicitly untrust root certificates from specific certificate authorities.

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also reported a variant of the same flaw. This issue leads to a potentially exploitable crash.

Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact.

Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la sécurité des systèmes d'information (ANSSI), an agency of the French government and a certificate authority in Mozilla's root program. A subordinate certificate ...

The host is missing a security update according to Adobe advisory APSB14-19. The update is required to fix a sandbox bypass vulnerability. The flaws are present in the applications, which fail to properly handle unspecified vectors. Successful exploitation allows attackers to bypass a sandbox protection mechanism and consequently execute native code in a privileged context.

The host is missing a critical security update according to Microsoft security bulletin MS13-099. The update is required to fix a remote code execution vulnerability. The flaw is present in Microsoft Scripting Runtime Object Library, which fails to handle a website that hosts specially crafted content. Successful exploitation allows attackers to install programs; view, change, or delete data; or cr ...

The host is missing an important security update according to Microsoft security bulletin MS14-044. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to cause the application to stop responding until a manual reboot is initiated.

The host is missing a critical security update according to Adobe advisory, APSB08-23. The update is required to fix an unspecified vulnerability. The flaw is present in the application, which fails to properly handle unknown attack vectors. Successful exploitation allows context-dependent attackers to execute untrusted JavaScript in an AIR application.



© 2013 SecPod Technologies