3797 matches found
Ubuntu 14.04 LTS : Firefox regression (USN-2505-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2505-2 advisory. USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated -remote command-line switch that some older software still depends on. This update...
USN-2505-2: Firefox regression
USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Matthew Noorenberghe discovered that allowlisted...
Yelp: Missing X-Frame-Options header
URL https://staging.seatme.us/ Vulnerability: The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in...
Mozilla Firefox Multiple Vulnerabilities-01 (Mar 2015) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
McAfee Agent (MA) Log Viewing Feature Unspecified Clickjacking Vulnerability
McAfee Agent is prone to a clickjacking vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mcafee:mcafeeagent";...
McAfee Managed Agent Input Validation Vulnerability
McAfee Managed Agent MA is a suite of agent programs from the American company McAfee. The main task of the program is to periodically download updates, policies, tasks, etc. from the server. A security vulnerability exists in the log viewer of McAfee MA versions 4.8.0 and earlier and 5.0.0. When...
Ubuntu: Security Advisory (USN-2505-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2505-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2505-1 advisory. Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were...
USN-2505-1: Firefox vulnerabilities
Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. CVE-2015-0819 Jan de Mooij...
USN-2505-1 firefox vulnerabilities
Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. CVE-2015-0819 Jan de Mooij...
CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
Spoofing
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
CVE-2015-0819
The CVE-2015-0819 issue affects Mozilla Firefox and stems from UITour::onPageEvent not validating that an API call originates from a foreground tab. This can enable spoofing and clickjacking when a UITour page in a background tab is whitelisted. Affected releases are Firefox versions before 36.0;...
CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
SEO Toaster E-Commerce 2.2.0 Cross Site Scripting
Affected software: http://demo.seotoaster.com Type of vulnerability: clickjacking Version: E-Commerce 2.2.0 URL: http://www.seotoaster.com/ Discovered by: Provensec Website: http://www.provensec.com Description: Free SEO Software & CMS: All in One Proof of concept seo toaster search field was vuln...
CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
firefox: multiple issues
CVE-2015-0819 tab spoofing: Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could...
Firefox < 36.0 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 36.0. It is, therefore, affected by the following vulnerabilities : - An issue exists that allows whitelisted Mozilla domains to make 'UITour' API calls while UI Tour pages are present in background tabs. This allows an...
UBUNTU-CVE-2015-0819
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site...
UI Tour whitelisted sites in background tab can spoof foreground tabs — Mozilla
Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could then use that tab to engage i...