CVE-2015-8601
CVE-2015-8601 affects the Drupal Chat Room module for Drupal 7.x (versions before 7.x-2.2). The vulnerability arises from insufficient permission checks when establishing a websocket for chat messages, enabling remote attackers to bypass access controls and read messages in arbitrary chat rooms v...
Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169
Chat Room enables site owners to integrate chats into nodes by adding the chat room field to them. The module relies on a websocket connection to send chat messages to the client. The module doesn't sufficiently validate access before setting up the websocket. As a result, users may receive...
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)
The remote Red Hat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2519 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...
Mozilla Thunderbird < 38.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities: - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, vi...
Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...
Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to circumvent existing access restrictions
The vulnerability of Firefox and Firefox ESR browsers is related to errors in the creation of WebSocket objects. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions using specially crafted JavaScript code...
wireshark: WebSocket DoS (wnpa-sec-2015-13)
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...
openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss / etc (openSUSE-2015-718)
Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. SeaMonkey was updated to 2.39. New features in Mozilla Firefox: - Private Browsing with Tracking Protection blocks certain Web elements that could be used to record yo...
Mozilla Firefox and Firefox mixed-content restriction bypass vulnerability
Mozilla Firefox is an open source web browser. Firefox ESR is an extended support version of Firefox. Mozilla Firefox incorrectly uses a web worker to create WebSocket objects, which allows remote attackers to bypass mixed-content restrictions and gain unauthorized access using specially crafted...
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1926-1)
The remote host is missing an update for the...
CVE-2015-7197
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...
Code injection
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...
CVE-2015-7197
CVE-2015-7197 affects Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, where a web worker can instantiate a WebSocket object, bypassing mixed-content restrictions via crafted JavaScript. Connected sources confirm the description and show remediation paths (update Firefox to 42.0+ or ...
UBUNTU-CVE-2015-7197
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...
Mixed content WebSocket policy bypass through workers — Mozilla
Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy...
libcacard, qemu security update
CentOS Errata and Security Advisory CESA-2015:1943. Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, whic...
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20151027)
It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory...