1464 matches found
Facebook 'Like' Scam Driven by Malicious Chrome Extension
A Kaspersky Lab researcher has discovered a Brazilian social engineering campaign that attempts to trick Facebook users into installing a malicious plug-in hosted on Google’s Chrome Web Store. The Facebook scam-page solicits victims by promising to teach them how to “remove the virus from their...
FreeBSD : chromium -- Errant plug-in load and GPU process memory corruption (ab1f515d-6b69-11e1-8288-00262d5ed8ee)
Google Chrome Releases reports: 117620 117656 Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
CVE-2011-3047
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism...
Memory corruption
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism...
CVE-2011-3047
Removed by vendor...
chromium -- Errant plug-in load and GPU process memory corruption
Google Chrome Releases reports: 117620 117656 Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie...
CVE-2011-3845
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an A...
Design/Logic Flaw
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an A...
Adobe Flash Player MP4 Copyright Statement Overflow
Added: 03/08/2012. CVE: CVE-2012-0754. BID: 52034. OSVDB: 79300. Background: Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem: Flash Player versions prior to 11.1.102.62 do not properly validate the Copyright statement key CPRT in the tag...
java security update
CentOS Errata and Security Advisory CESA-2012:0135 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring Syste...
LuraWave JP2 Browser Plug-In < 2.1.1.11 npjp2.dll Remote Buffer Overflow
The version of the LuraWave JP2 Browser Plug-In installed on the remote Windows host is earlier than 2.1.1.11 and thus reportedly contains a stack-based buffer overflow vulnerability. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can...
squirrelmail security update
CentOS Errata and Security Advisory CESA-2012:0103. An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...
Moderate: Red Hat Security Advisory: squirrelmail security update
An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
CVE-2012-0978
CVE-2012-0978 describes a stack-based buffer overflow in the npjp2.dll component of the LuraWave JP2 Browser Plug-In. The vulnerability affects plug-in versions before 2.1.1.11. An attacker could trigger the overflow by processing a crafted JPEG20...
CVE-2012-0978
Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment...
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection...