CVE-2017-3260

CVE-2017-3260 involves Oracle Java SE (AWT) with affected versions Java SE 7u121 and 8u112. The vulnerability is exploitable only via network with multiple protocols and requires user interaction; exploitation can lead to takeover of Java SE and may impact client deployments running sandboxed Jav...

JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

CVE-2017-3253

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network...

Security update for karchive (important)

This update for karchive fixes the following issues: - CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets boo989698...

Security update for karchive (important)

This update for karchive fixes the following issues: - CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets boo989698...

GLSA-201606-18 : IcedTea: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-18 IcedTea: Multiple vulnerabilities Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-704)

This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy CSP directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted applet...

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy CSP directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted applet...

Cross site scripting

Mozilla Firefox before 47.0 ignores Content Security Policy CSP directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted applet...

CVE-2016-2833

CVE-2016-2833 affects Mozilla Firefox prior to 47.0, where CSP checks are bypassed for cross-domain Java applets. This CSP bypass could enable remote attackers to perform cross-site scripting (XSS) via a crafted applet. The available connected sources confirm Firefox versions affected and referen...

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy CSP directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted applet...

Security update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...

Security update for MozillaFirefox, mozilla-nss (important)

This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-2993-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2993-1 advisory. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson,...

CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy CSP directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted applet...

FreeBSD : mozilla -- multiple vulnerabilities (8065d37b-8e7c-4707-a608-1b0a2b8509c3)

Mozilla Foundation reports : MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...

UBUNTU-CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy CSP directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted applet...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...

icedtea-web: unexpected permanent authorization of unsigned applets

It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval...