SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2195-1)
Mozilla Firefox was updated to 45.3.0 ESR to fix the following issues (bsc991809): - MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) - MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed - MFSA 2016-64/CVE-2016-2838...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector (IV) is used to hash the username and...
Hardcoded credentials
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...
France, Germany Call for European Decryption Law
The United States is months removed from this spring’s Apple vs. FBI debacle, but the debate around encryption is just beginning to play out in Europe. A joint press conference held Tuesday in Paris between Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard...
Dutch, Belgian Ransomware Wildfire Disrupted, Decryption Keys Posted
The No More Ransom initiative released decryption keys for yet another strain of ransomware this week; now victims of the mostly Dutch-leaning ransomware called WildFire can get their files back without paying attackers. According to an update from the Dutch National Police on Wednesday, when it...
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers tha...
Westermo WeOS < 4.19.0 Hard-coded Certificate Vulnerability
Westermo WeOS uses the same SSL private key across different customers' installations.
$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered
Researchers claim to have found the largest ransomware-as-a-service (RaaS) ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware. According to a research report published today by Check Point Softwar...
Fedora 24 : cryptobone (2016-432f067a80)
This is a major update that re-organizes the Crypto Bone daemon to include all message encryption and decryption code. This obsoletes the openpgp binary. In addition, the private cryptlib library has been reduced in size considerably.
Mozilla Firefox and Firefox ESR Stack Buffer Overflow Vulnerability
Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A stack buffer overflow vulnerability exists in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API of Mozilla Firefox and Firefox, which allows remote attackers ...
USN-3044-1 firefox vulnerabilities
Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. CVE-2016-0718...
USN-3044-1: Firefox vulnerabilities
Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. CVE-2016-0718...
CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...
DEBIAN-CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...
firefox: multiple issues
- CVE-2016-0718 (arbitrary code execution) Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 (information disclosure) Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 (arbitrary code execution) Mozilla developers and community members...
CVE-2016-2379
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords...
CVE-2016-6489
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...
Petya Sabotages Rival Ransomware Chimera, Leaks 3,500 Decryption Keys
There is no honor among thieves, as the saying goes, and that includes ransomware crooks. In an apparent move to sabotage a ransomware competitor, the authors of the Mischa and Petya ransomware-as-a-service leaked 3,500 decryption keys for its competitor Chimera ransomware. The move appears to be...
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...