3790 matches found

Cvelist
added 2017/12/20 2:0 p.m., 23 views

CVE-2017-14835

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pag...

8.8 AI score, 0.0259 EPSS
Exploits: 0, References: 2
CVE
added 2017/12/20 2:0 p.m., 58 views

CVE-2017-14835

CVE-2017-14835 : Foxit Reader 8.3.1.21155 is vulnerable to remote code execution via the XFA Layout object page method due to type confusion from improper data validation. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Impact: arbitrary code execut...

8.8 CVSS, 8.8 AI score, 0.0259 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedHat Linux
added 2017/12/04 12:10 a.m., 4 views

Mozilla: Use-after-free of PressShell while restyling layout (MFSA 2017-25)

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

9.8 CVSS, 7.2 AI score, 0.07439 EPSS
Exploits: 0, References: 5
OSV
added 2017/11/29 6:52 p.m., 9 views

MGASA-2017-0432 Updated thunderbird packages fix security vulnerabilities & bugs

The updated packages fix several bugs and some security issues: Use-after-free of PressShell while restyling layout. CVE-2017-7828 Cross-origin URL information leak through Resource Timing API. CVE-2017-7830 Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

10 CVSS, 8.6 AI score, 0.07439 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2017/11/27 12:0 a.m., 47 views

openSUSE Security Update : mupdf (openSUSE-2017-1300)

This update for mupdf fixes the following issues : Security issues fixed : - CVE-2017-7976: integer overflow jbig2imagecompose function in jbig2image.c during operations on a crafted .jb2 file boo1052029. - CVE-2016-10221: countentries in pdf-layer.c allows for DoS boo1032140. - CVE-2016-8728: Fi...

8.6 CVSS, 6.4 AI score, 0.01936 EPSS
Exploits: 3, References: 9
MSRC
added 2017/11/21 8:0 a.m., 25 views

Clarifying the behavior of mandatory ASLR

Last week, the CERT/CC published an advisory describing some unexpected behavior they observed when enabling system-wide mandatory Address Space Layout Randomization ASLR using Windows Defender Exploit Guard WDEG and EMET on Windows 8 and above. In this blog post, we will explain the configuratio...

2.3 AI score
Exploits: 0
ThreatPost
added 2017/11/20 5:30 p.m., 14 views

US-CERT Warns of ASLR Implementation Flaw In Windows

The U.S. Computer Emergency Readiness Team is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. The vulnerability could allow a remote attacker to take control of an affected system. Microsoft said it...

0.1 AI score
Exploits: 0, References: 4
RedHat Linux
added 2017/11/17 3:33 p.m., 3 views

Mozilla: Use-after-free of PressShell while restyling layout (MFSA 2017-25)

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

9.8 CVSS, 7.2 AI score, 0.07439 EPSS
Exploits: 0, References: 5
CNVD
added 2017/11/17 12:0 a.m., 2 views

BlackBerry QNX Software Development Platform Information Disclosure Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

7.5 CVSS, 6.5 AI score, 0.00798 EPSS
Exploits: 0, References: 1
CNVD
added 2017/11/17 12:0 a.m., 2 views

BlackBerry QNX Software Development Platform Information Disclosure Vulnerability (CNVD-2017-37268)

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of the QNX SDP in BlackBerry QNX S...

4.9 CVSS, 6.3 AI score, 0.00561 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2017/11/15 12:0 a.m., 28 views

CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

9.8 CVSS, 7 AI score, 0.07439 EPSS
Exploits: 0, References: 4
OSV
added 2017/11/15 12:0 a.m., 1 view

UBUNTU-CVE-2017-7828

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

9.8 CVSS, 7.2 AI score, 0.07439 EPSS
Exploits: 0, References: 5
OSV
added 2017/11/14 9:29 p.m., 2 views

CVE-2017-9369

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

4.9 CVSS, 5.8 AI score, 0.00561 EPSS
Exploits: 0, References: 1
OSV
added 2017/11/14 9:29 p.m., 3 views

CVE-2017-3892

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

7.5 CVSS, 5.8 AI score, 0.00798 EPSS
Exploits: 0, References: 1
NVD
added 2017/11/14 9:29 p.m., 11 views

CVE-2017-9369

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

4.9 CVSS, 5.1 AI score, 0.00561 EPSS
Exploits: 0, References: 1
NVD
added 2017/11/14 9:29 p.m., 20 views

CVE-2017-3892

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

7.5 CVSS, 7.5 AI score, 0.00798 EPSS
Exploits: 0, References: 1
Prion
added 2017/11/14 9:29 p.m., 13 views

Information disclosure

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

4 CVSS, 6.8 AI score, 0.00561 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2017/11/14 9:29 p.m., 15 views

Information disclosure

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

5 CVSS, 7.4 AI score, 0.00798 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2017/11/14 9:0 p.m., 16 views

CVE-2017-9369

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

3.8 CVSS, 5.1 AI score, 0.00561 EPSS
Exploits: 0, References: 1
Cvelist
added 2017/11/14 9:0 p.m., 21 views

CVE-2017-3892

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

3.8 CVSS, 7.5 AI score, 0.00798 EPSS
Exploits: 0, References: 1