103 matches found
Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...
Debian DLA-2219-1 : feh security update
Tobias Stoeckmann discovered that it was possible to trigger an out-of-boundary heap write with the image viewer feh while receiving an IPC message. For Debian 8 'Jessie', this problem has been fixed in version 2.12-1+deb8u1. We recommend that you upgrade your feh packages. NOTE: Tenable Network...
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)
The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...
Design/Logic Flaw
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
CVE-2019-11708
CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
Arbitrary Code Execution
firefox/thunderbird is vulnerable to arbitrary code execution. Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with...
Ubuntu: Security Advisory (USN-4032-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4032-1: Firefox vulnerability
It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code...
FreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee)
Mozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-1170...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1684-1)
This update for MozillaFirefox fixes the following issues : Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 bsc1138872 CVE-2019-11708: Fix sandbox escape using Prompt:Open. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in...
Security vulnerabilities fixed in Thunderbird 60.7.2 — Mozilla
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. Insufficient vetting of parameters passed with the Prompt:Open IPC message between chi...
Mozilla Firefox < 67.0.4
The version of Firefox installed on the remote Windows host is prior to 67.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-19 advisory. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in th...
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing authority. This, in turn, requires a way to identify a client process. If PIDs are used f...
CVE-2017-5456
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
Design/Logic Flaw
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
CVE-2017-5456
CVE-2017-5456 is a sandbox-escape vulnerability in Mozilla Firefox/Firefox ESR where the file system request constructor, via an IPC message, bypasses sandbox protections to gain read/write access to the local filesystem. Affected products include Firefox ESR versions before 52.1 and Firefox befo...