[SECURITY] Fedora 22 Update: nghttp2-1.7.1-1.fc22

This package contains the HTTP/2 client, server and proxy programs...

[SECURITY] Fedora 23 Update: nghttp2-1.7.1-1.fc23

This package contains the HTTP/2 client, server and proxy programs...

nghttp2: denial of service

HTTP/2 uses HPACK to compress header fields. The basic idea is that HTTP header field is stored in the receiver with the numeric index number. The memory used by this storage is tightly constrained, and it is 4KiB by default. When sender sends the same header field, it just sends the correspondin...

The future of loading CSS

Chrome is intending to change the behaviour of , which will be noticeable when it appears within . The impact and benefits of this aren't clear from the blink-dev post, so I wanted to go into detail here. Update: This is now in Chrome Canary. The current state of loading CSS …content… CSS blocks...

openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)

This update for SeaMonkey fixes the following issues : - update to SeaMonkey 2.40 bnc959277 - requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 bmo1158489 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous...

nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio

Nghttp2 reports: Out of memory in nghttpd, nghttp, and libnghttp2asio applications due to unlimited incoming HTTP header fields. nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If peer sends specially crafted HTTP/2 HEADERS frames...

openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)

SeaMonkey was updated to 2.40 boo959277 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards - CVE-2015-7204: Cra...

[SECURITY] Fedora 22 Update: nghttp2-1.6.0-1.fc22

This package contains the HTTP/2 client, server and proxy programs...

[SECURITY] Fedora 23 Update: nghttp2-1.6.0-1.fc23

This package contains the HTTP/2 client, server and proxy programs...

Mozilla Firefox Multiple Vulnerabilities (Dec 2015) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...

Integer overflow

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...

Integer overflow

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...

CVE-2015-7219

CVE-2015-7219 affects Mozilla Firefox before 43.0 via the HTTP/2 implementation. A malformed PushPromise frame can trigger decompressed-buffer length miscalculation and incorrect memory allocation, leading to a denial of service (integer underflow, assertion failure, and application exit). The is...

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...

CVE-2015-7218

CVE-2015-7218 affects Mozilla Firefox before 43.0. The HTTP/2 implementation allows remote DoS via a single-byte header frame that triggers integer underflow and incorrect memory allocation, leading to an assertion and application exit. Public advisories (e.g., Mageia/OpenSUSE/Fedora/Nessus-docum...

FreeBSD : mozilla -- multiple vulnerabilities (2c2d1c39-1396-459a-91f5-ca03ee7c64c6)

The Mozilla Project reports : MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows...

DOS due to malformed frames in HTTP/2 — Mozilla

Security researcher Stuart Larsen reported two issues with HTTP/2 resulting in integer underflows that lead to intentional aborts when the errors are detected...