12 matches found
EUVD-2017-16760
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-7788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy CS...
SUSE CVE-2017-7792
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier OID. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
SUSE CVE-2017-7808
A content security policy CSP "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox 55...
CVE-2017-7808
A content security policy CSP "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox 55...
DEBIAN-CVE-2017-7791
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
DEBIAN-CVE-2017-7785
A buffer overflow can occur when manipulating Accessible Rich Internet Applications ARIA attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier OID. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Mozilla Firefox memory corruption vulnerability (CNVD-2017-223290)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A memory corruption vulnerability exists in versions of Mozilla Firefox prior to 55. A remote attacker can exploit this vulnerability to execute arbitrary code or corrupt memory...
UBUNTU-CVE-2017-7799
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting XSS attack...