Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

CVE-2013-5596

The cycle collection CC implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

CVE-2013-5596

The cycle collection CC implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

Race condition

The cycle collection CC implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

Design/Logic Flaw

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

NSA Director Alexander Denies Spying on Europeans

Intelligence officials appearing before the House Permanent Select Committee on Intelligence on Tuesday denied collecting the phone records of citizens in France, Spain and Italy, as recently reported by media outlets in those countries. “The assertions made by Le Monde of France, El Mundo of Spa...

Obama Administration to Review NSA Capabilities

President Barack Obama has initiated a review of the procedures and methods that the NSA uses to collect intelligence at home and overseas to ensure that the agency isn’t overstepping its bounds in phone and Internet data collection. The review comes at a time when Congress is set to consider...

New Bill Would End Mass Surveillance

UPDATE: Rep. Jim Sensenbrenner R-Wisc. is introducing a bill that would counteract many of the elements of the U.S. PATRIOT Act that enables the mass collection of data belonging to U.S. citizens. Sensenbrenner’s bill is called the USA FREEDOM Act, a quasi-acronym for Uniting and Strengthening...

CVE-2013-5596

The cycle collection CC implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

Writing to cycle collected object during image decoding — Mozilla

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition...

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

EFF: Congress Has Opportunity to Stop Mass Surveillance

Since the leaks of NSA surveillance methods began in June, there has been a flurry of activity in Congress, with members scurrying to line up on either side of the issue, either defending the agency’s methods or condemning them. That mad scramble also has included the introduction of a number of...

Tomcat Application Manager Login Utility

This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

Snoopy Project mobile tracking and intelligence grows up

A year ago, the Snoopy Project was a neat research initiative that packaged a number of existing technologies into a framework to profile and track mobile devices. After a summer of Snowden revelations, something like Snoopy takes on a whole new meaning. Snoopy devices, called drones by researche...

Fedora Update for php-pecl-xhprof FEDORA-2013-18049

Check for the Version of php-pecl-xhprof OpenVAS Vulnerability Test Fedora Update for php-pecl-xhprof FEDORA-2013-18049 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Fedora Update for php-pecl-xhprof FEDORA-2013-18094

Check for the Version of php-pecl-xhprof OpenVAS Vulnerability Test Fedora Update for php-pecl-xhprof FEDORA-2013-18094 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

[SECURITY] Fedora 20 Update: php-pecl-xhprof-0.9.4-1.fc20

XHProf is a function-level hierarchical profiler for PHP. This package provides the raw data collection component, implemented in C as a PHP extension. The HTML based navigational interface is provided in the "xhprof" package...