[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 1614 Download | Alert*

Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons within the visible window but does not otherwise affect customization or window content.

Mozilla developer Patrick McManus reported a method to use SPDY or HTTP/2 connection coalescing to bypass key pinning on different sites that resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. This leads to possible man-in-the-middle attacks if an attacker has control of the DNS connection an ...

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a canvas element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.

Security researcher Ash reported an issue affected the Mozilla Maintenance Service on Windows systems. The Mozilla Maintenance Service installer writes to a temporary directory created during the update process which is writable by users. If malicious DLL files are placed within this directory during the update process, these DLL files can run in a privileged context through the Mozilla Maintenan ...

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe"s location object, as part of an alarm"s JSON data. This allows a malicious app to bypass same-origin policy.

The host is missing a security update according to Adobe advisory, APSB13-20. The update is required to fix memory corruption vulnerability. The flaw is present in the application, which fails to properly handle memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

The host is missing an important security update according to Microsoft bulletin, MS13-106. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, because a specific Microsoft Office shared component was not built to implement the ASLR security feature. Successful exploitation allows attackers to bypass the ASLR security feature.

The host is missing an important security update according to Microsoft bulletin, MS14-024. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow remote attackers to bypass the ASLR security feature and predict memory offsets of specific instructions in a give ...

The host is missing an important security update according to Microsoft bulletin, MS14-082. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which improperly handle objects in memory while parsing specially crafted office files. Successful exploitation allows attackers to execute arbitrary code.

The host is missing an important security update according to Microsoft security bulletin MS15-013. The update is required to fix a security feature bypass vulnerability. The flaw is present in the applications, which fails to handle a specially crafted file. Successful exploitation allows attackers to bypass security feature.


Pages:      Start    146    147    148    149    150    151    152    153    154    155    156    157    158    159    ..   161

© 2013 SecPod Technologies