80 matches found
First Malware Targeting AWS Lambda Serverless Platform Discovered
A first-of-its-kind malware targeting Amazon Web Services' AWS Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade...
DNS-over-HTTPS takes another small step towards global domination
Firefox recently announced that it will be rolling out DNS-over-HTTPS or DoH soon to one percent of its Canadian users as part of its partnership with CIRA the Canadian Internet Registration Authority, the Ontario-based organization responsible for managing the .ca top-level domain for Canada and...
Typodetect - Detect The Active Mutations Of Domains
This tool gives blue teams, SOC's, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TL...
NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
The U.S. National Security Agency NSA on Friday said DNS over HTTPS DoH — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transpo...
Smart DNS for the New Network Edge: Emerging Requirements for DNS Encryption
This blog post -- the fourth in a series -- will discuss how smart DNS resolvers can enhance ongoing ISP and MNO network transformation efforts, such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize the edge to improve service delivery and network...
CentOS: Security Advisory for firefox (CESA-2020:5239)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 7 : firefox (RHSA-2020:5239)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5239 advisory. - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3458-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.5.0 ESR bsc1178824 - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code - CVE-2020-16012: Variable time processing of cross-origin images during...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Mozilla: DoH did not filter IPv4 mapped IP Addresses
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
openSUSE Security Update : MozillaFirefox (openSUSE-2020-2031)
This update for MozillaFirefox fixes the following issues : - Firefox Extended Support Release 78.5.0 ESR bsc1178824 - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code - CVE-2020-16012: Variable time processing of cross-origin images during...
RHEL 8 : thunderbird (RHSA-2020:5232)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5232 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Security Fixes: Mozilla:...
MGASA-2020-0433 Updated thunderbird packages fix security vulnerabilities
Variable time processing of cross-origin images during drawImage calls. CVE-2020-16012 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. CVE-2020-26951 Fullscreen could be enabled without displaying the security UI. CVE-2020-26953 XSS through paste manual...
Updated firefox and nss packages fix security vulnerabilities
When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...
Mozilla Firefox Security Advisories (MFSA2020-50, MFSA2020-52) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Thunderbird Security Advisories (MFSA2020-50, MFSA2020-52) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Firefox Security Advisories (MFSA2020-50, MFSA2020-52) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
KLA12010 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, perform cross-site scripting attack, spoof user interface, execute arbitrary code, bypass security restrictions. Bel...
Security Vulnerabilities fixed in Firefox 83 — Mozilla
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. Incorrect bookkeepi...