4431 matches found
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation MFSA 2015-137 Firefox allows...
CVE-2015-7219
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...
CVE-2015-7218
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service integer underflow, assertion failure, and application exit via a single-byte header frame that triggers incorrect memory allocation...
Apache Traffic Server 5.3.x < 5.3.2 HTTP2 Multiple Vulnerabilities
According to its banner, the version of Apache Traffic Server running on the remote host is 5.3.x prior to 5.3.2. It is, therefore, affected by multiple vulnerabilities related to improper handling of HTTP/2 requests. An attacker can exploit these vulnerabilities to have an unspecified impact. No...
HTTP/2 Cleartext Detection
The remote host is running an HTTP server that supports HTTP/2 running over cleartext TCP h2c. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid85805; scriptversion"1.8";...
Mozilla Firefox < 37.0.1 HTTP/2 Alt-Svc Header SSL MitM
Binary data 8743.prm...
openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290)
Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox : - Miscellaneou...
Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)
Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox: Miscellaneous...
CVE-2015-0799
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header...
Vulnerability Forces Mozilla to Disable Opportunistic Encryption in Firefox
Less than a week after introducing the new opportunistic encryption feature in Firefox, Mozilla has had to disable it because of a security vulnerability in the browser’s implementation of the HTTP Alternative Services specification. The bug puts a kink in the new feature, which was designed to...
FreeBSD : mozilla -- multiple vulnerabilities (b8321d76-24e7-4b72-a01d-d12c4445d826)
The Mozilla Project reports : MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Firefox < 37.0.1 HTTP/2 Alt-Svc Header Certificate Verification Bypass
The version of Firefox installed on the remote Windows host is prior to 37.0.1. It is, therefore, affected by an error related to the HTTP/2 'Alt-Svc' header and SSL certificate verification, which allows man-in-the-middle MitM attacks. C Tenable Network Security, Inc. include"compat.inc"; if...
Mozilla Firefox SSL Certificate Verification Bypass Vulnerability (Apr 2015) - Windows
Mozilla Firefox is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox SSL Certificate Verification Bypass Vulnerability (Apr 2015) - Mac OS X
Mozilla Firefox is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Firefox < 37.0.1 HTTP/2 Alt-Svc Header Certificate Verification Bypass (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 37.0.1. It is, therefore, affected by an error related to the HTTP/2 'Alt-Svc' header and SSL certificate verification, which allows man-in-the-middle MitM attacks. C Tenable Network Security, Inc. include"compat.inc"; if...
CVE-2015-0799
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header...
Firefox 37 arrives with Opportunistic Encryption support
Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header MFSA 2015-43 Loading privileged content through Reader mode...
Certificate verification bypass through the HTTP/2 Alt-Svc header — Mozilla
Security researcher Muneaki Nishimura discovered a flaw in the Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SS...
Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37
Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some for...