CVE-2013-0756

Use-after-free vulnerability in the objtoSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing...

Design/Logic Flaw

Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to...

Code injection

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which...

CVE-2013-0756

Use-after-free vulnerability in the objtoSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing...

FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)

Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 24 to the stable channel. Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame. This is the first Stable release with support for MathML, thanks to WebKit volunteer Dave Barton. This release also contains an...

CVE-2013-0756

Use-after-free vulnerability in the objtoSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing...

CVE-2013-0745

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a...

Mozilla: Use-after-free in ListenerManager (MFSA 2013-17)

Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to...

Mozilla: Use-after-free in ListenerManager (MFSA 2013-17)

Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to...

Mozilla: Compartment mismatch with quickstubs returned values (MFSA 2013-09)

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which...

AutoWrapperChanger fails to keep objects alive during garbage collection — Mozilla

Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution...

Compartment mismatch with quickstubs returned values — Mozilla

Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash...

FTC Launches Investigations into Mobile Apps for Kids

The Federal Trade Commission on Monday said it’s launching “non-public investigations” to determine if mobile application providers are violating federal laws by collecting information on children without their parents’ permission. A report indicates almost 60 percent 235 of the children-centric...

Windows Gather FileZilla FTP Server Credential Collection

This module will collect credentials from the FileZilla FTP server if installed. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Windows Gather FileZilla FTP Server...

VMware vCenter Data Collection

Binary data vmwarevcentercollect.nbin...

FreeBSD-SA-12:06.bind

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:06.bind Security Advisory The FreeBSD Project Topic: Multiple Denial of Service vulnerabilities with named8 Category: contrib Module: bind Announced: 2012-11-2...

Bulgarian torrent tracker forum hacked and accused of collecting user IP

A Russian hacker going by name - "kOS" hack into the Bulgarian torrent tracker "Arenabg" website https://forum.arenabg.com/ and leak the complete database of their forum and accused of collecting IP of users like PirateBay. Hacker said, "Why I hack this tracker? Because they store IP information...

Alliance Issues Guidance for Cloud-Based SIEM Services

The non-profit Cloud Security Alliance today released guidelines for the nascent Security as a Service SecaaS specialization within the broader realm of cloud computing. The goal, the group says, is to help companies and consumers gain a better handle on how best to evaluate, build and deploy...

Android Adware abusing permissions, Collecting more than they need

So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part downloading the right apps to boost its functionality. Android gives you the freedom to personalize your device, which has made it attractive to those who want their smartphones to be as uniqu...