3796 matches found
Enable X-FRAME-Options header to implement clickjacking protection
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/JRACLOUD-25143). TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. Description: Current...
Enable X-FRAME-Options header to implement clickjacking protection
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion (http://jira.atlassian.com/browse/JRASERVER-25143). TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages server config, and test that nothing breaks. Description: Current...
Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft
Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft. Microsoft security researchers have identified critical vulnerabilities in Facebook and Google Picasa which led to account compromise and arbitrary code execution. The bug in Picasa that the MVR team found could allow an...
Microsoft Research Team Reports Bugs in Facebook, Google Picasa
Microsoft’s Vulnerability Research team is keeping itself busy finding bugs in other vendors’ products, with the two latest being a vulnerability in Google’s Picasa photo editing and sharing application and a bug in Facebook that could lead to the compromise of a victim’s account. The bug in Pica...
Clickjacking Vulnerability in Facebook.com Could Allow Account Compromise
Executive Summary: Microsoft is providing notification of the discovery and remediation of a vulnerability affecting the popular social networking site, Facebook.com. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Facebook In...
CVE-2010-4554
functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Hardcoded credentials
functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2010-4554
CVE-2010-4554 affects SquirrelMail 1.4.21 and earlier: the function page_header.php did not prevent rendering in a frame, enabling clickjacking via a crafted site. Remediation is via the backported patches in the 2012 security updates (e.g., RHSA-2012:0103 / ELSA-2012-0103) that restrict the main...
Mac and Windows Malware Spreads Through Facebook Attack
A new attack on Facebook has been making the rounds this week, thanks in part to the social networking service’s ‘Like’ feature – and both Mac and Windows users are vulnerable. According to F-Secure’s News from the Lab blog, a Lithuanian server is dishing out the malware that appears to be...
Joomla! 1.6 < 1.6.2 Multiple Vulnerabilities (deprecated)
Information disclosure
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."...
CVE-2011-1244
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."...
CVE-2011-1244
The CVE-2011-1244 entry concerns Microsoft Internet Explorer 6, 7, and 8, where cross-domain content access restrictions are not enforced, enabling remote attackers to read sensitive information or perform clickjacking via a crafted page. The vulnerability is associated with the Frame Tag Informa...
Firefox 4 With Content Security Policy Due Tuesday
Firefox 4, the newest version of Mozilla’s flagship browser slated for release today, includes a variety of security and privacy protections, but perhaps the most important of them is the addition of the Content Security Policy. The mechanism, which is enabled by default in Firefox 4, is designed...
FreeBSD Ports: opera, opera-devel, linux-opera
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MediaWiki < 1.16.1 'Frames Processing Clickjacking' Information Disclosure Vulnerability
MediaWiki is prone to a clickjacking information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...