334 matches found
UBUNTU-CVE-2015-3658
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:0076-1)
This update fixes the following security issues in MozillaFirefox : - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 bmo1109889, bmo1111737, bmo1026774, bmo1027300, bmo1054538, bmo1067473, bmo1070962, bmo1072130, bmo1072871, bmo1098583 Miscellaneous memory safety hazards rv:35.0 / rv:31.4 - MFSA...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
Security update for seamonkey (important)
Mozilla seamonkey was updated to SeaMonkey 2.32 bnc910669 MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards MFSA 2015-02/CVE-2014-8637 bmo1094536 Uninitialized memory use during bitmap rendering MFSA 2015-03/CVE-2014-8638 bmo1080987 sendBeacon requests lack an Origin...
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2015:0133-1)
MozillaThunderbird was updated to Thunderbird 31.4.0 bnc910669 - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards - MFSA 2015-03/CVE-2014-8638 bmo1080987 sendBeacon requests lack an Origin header - MFSA 2015-04/CVE-2014-8639 bmo1095859 Cookie injection through Proxy...
FreeBSD : mozilla -- multiple vulnerabilities (bd62c640-9bb9-11e4-a5ad-000c297fb80f)
The Mozilla Project reports : MFSA-2015-01 Miscellaneous memory safety hazards rv:35.0 / rv:31.4 MFSA-2015-02 Uninitialized memory use during bitmap rendering MFSA-2015-03 sendBeacon requests lack an Origin header MFSA-2015-04 Cookie injection through Proxy Authenticate responses MFSA-2015-05 Rea...
Cross site request forgery (csrf)
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...
RHEL 5 / 6 / 7 : firefox (RHSA-2015:0046)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0046 advisory. - Mozilla: Miscellaneous memory safety hazards rv:31.4 MFSA 2015-01 CVE-2014-8634 - Mozilla: sendBeacon requests lack an Origin head...
UBUNTU-CVE-2014-8638
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...
Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...
Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1430-3)
USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting...
CVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...