5058 matches found

RedHat Linux
added 2014/03/18 8:34 p.m., 2 views

Mozilla: Use-after-free in TypeObject (MFSA 2014-30)

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

10 CVSS, 7.3 AI score, 0.12933 EPSS
Exploits 1, References 5

UbuntuCve
added 2014/03/18 12:0 a.m., 33 views

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

10 CVSS, 7.2 AI score, 0.12933 EPSS
Exploits 1, References 4

Mozilla
added 2014/03/18 12:0 a.m., 42 views

Use-after-free in TypeObject — Mozilla

Security research firm VUPEN, via TippingPoint's Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition...

10 CVSS, 9.2 AI score, 0.12933 EPSS
Exploits 1, References 2, Affected Software 4

ThreatPost
added 2014/03/11 12:21 p.m., 8 views

The NSA, Snowden and the Internet's Offensive Future

Despite everything that has transpired in the last year, Edward Snowden sounded calm, reflective and in some ways wistful yesterday discussing the fallout and consequences of the multitude of NSA programs and methods he’s revealed. Snowden bemoaned the fact that the NSA specifically and the...

0.3 AI score
Exploits 0, References 7

Tenable Nessus
added 2014/03/10 12:0 a.m., 15 views

MobileIron Data Collection

Binary data mobileironcollect.nbin...

7.3 AI score
Exploits 0

ThreatPost
added 2014/03/07 1:8 p.m., 11 views

Privacy Groups Seek to Halt Facebook Acquisition of WhatsApp

The appeal of WhatsApp, the cross-platform mobile messaging app recently acquired by Facebook for a stunning $19 billion price tag, was that it kept to its promise of not collecting user information that would be converted to ad revenue. The acquisition by Facebook, however, likely changes that...

0.2 AI score
Exploits 0, References 2

Drupal
added 2014/02/12 12:0 a.m., 18 views

SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...

3.5 CVSS, 6.3 AI score, 0.00268 EPSS
Exploits 0, References 14

Cisco Threats
added 2014/01/27 9:7 p.m., 10 views

Threat Outbreak Alert: Fake Debt Collection Notification Email Messages on January 27, 2014

Medium Alert ID: 32586 First Published: 2014 January 27 21:07 GMT Last Updated: 2014 January 29 13:51 GMT Version: 3 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a debt collection notice for the recipient. The text in the email...

0.6 AI score
Exploits 0

ThreatPost
added 2014/01/27 4:23 p.m., 9 views

Congressmen Call For DNI Clapper's Ouster

A group of six Congressmen have asked President Barack Obama to remove James Clapper as director of national intelligence as a result of his misstatements to Congress about the NSA’s dragnet data-collection programs. The group, led by Rep. Darrell Issa (R-Calif.), said that Clapper’s role as DNI “i...

6.9 AI score
Exploits 0, References 3

ThreatPost
added 2014/01/24 1:39 p.m., 13 views

Crypto Pioneers Write Letter on NSA Surveillance to Obama

Perhaps the biggest condemnation of President Obama’s address last Friday announcing reforms to the NSA’s surveillance programs was his failure to mention any of the agency’s alleged involvement in subverting cryptography standards and the impact that has had on the trustworthiness of products...

6.3 AI score
Exploits 0, References 4

Cisco
added 2014/01/22 4:0 p.m., 24 views

Cisco TelePresence System Software Command Execution Vulnerability

Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this...

8.3 CVSS, 7.3 AI score, 0.04042 EPSS
Exploits 0, References 1

ThreatPost
added 2014/01/17 2:21 p.m., 14 views

Obama Orders NSA Bulk Metadata Surveillance Reforms

President Obama today announced reforms to the National Security Agency’s bulk metadata collection program under Section 215 of the PATRIOT Act, ordering a transition that would end the program as it exists today, and prohibit the government from storing and accessing the data without secret cour...

7.3 AI score
Exploits 0, References 7

ThreatPost
added 2014/01/14 4:47 p.m., 6 views

Metadata Program 'Not Uniquely Valuable'

In a mostly friendly and non-confrontational hearing on Tuesday, members of the Senate Judiciary Committee spent a couple of hours talking to members of the White House-appointed NSA review board about the extent of the agency’s surveillance and the panel’s recommendations for reform. The hearing...

2.1 AI score
Exploits 0, References 2

F5 Networks
added 2014/01/14 12:0 a.m., 41 views

SOL14907 - MySQL Server vulnerability CVE-2012-3163

Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability on Enterprise Manager, you should not enable remote access to the statistics database. Remote access to t...

9 CVSS, 1 AI score, 0.00955 EPSS
Exploits 0, References 8

ThreatPost
added 2014/01/10 1:23 p.m., 31 views

Former NSA Officials Detail Failures of Agency Programs in Letter to Obama

In the weeks and months leading up to 9/11, the National Security Agency had been working on a new information-gathering and analysis system known as THINTHREAD, a system that was built in-house and was meant to replace the uncountable number of stand-alone collection systems and attendant...

6.9 AI score
Exploits 0, References 1

Check Point Advisories
added 2014/01/07 12:0 a.m., 2 views

Mozilla Firefox New Function Garbage Collection Code Execution - Ver2 (CVE-2006-3803)

A code execution vulnerability has been reported in Mozilla Firefox. A remote attacker could trigger this vulnerability by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. Successful exploitation of this...

5.1 CVSS, 7.5 AI score, 0.24704 EPSS
Exploits 0

seebug.org
added 2014/01/03 12:0 a.m., 253 views

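LimeSurvey ‘/admin/templates.php’ Script Arbitrary File Upload Vulnerability

LimeSurvey (formerly PHPSurveyor) is an open-source online survey application developed by the LimeSurvey team; it supports survey development, questionnaire publishing, and data collection. LimeSurvey contains an arbitrary file upload vulnerability that stems from the application not sufficiently filtering user-submitted input. An attacker could exploit this vulnerability to upload arbitrary files to the affected computer, resulting in arbitrary code execution in the context of the affected application. 0 LimeSurvey The vendor has not yet provided a patch or upgrade for this vulnerability; users of this software are advised to watch the vendor's homepage for the latest version: http://www.limesurvey.org/...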

7.1 AI score
Exploits 0

ThreatPost
added 2013/12/27 1:40 p.m., 11 views

NSA Bulk Telephony Metadata Collection Program Legal

A federal court today shot down a challenge by the American Civil Liberties Union (ACLU) to the National Security Agency’s bulk phone metadata collection program, determining that the spy agency’s actions are legal. The ruling by U.S. District Court judge William Pauley contradicts a Dec. 16 D.C...

Exploits 0, References 2

ThreatPost
added 2013/12/23 12:5 p.m., 15 views

Stanford Researchers Find Connecting Metadata With User Names is Simple

One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names. However, some...

0.7 AI score
Exploits 0, References 3

ThreatPost
added 2013/12/19 2:0 p.m., 7 views

NSA Must Reform Practices, Organization

A presidentially appointed, five member panel issued a more than 300-page report yesterday calling for nearly 50 recommendations for changes in the way that the National Security Agency conducts its increasingly public and controversial sweeping surveillance programs. The entire report hinges on...

7 AI score
Exploits 0, References 6