
39 matches found

Android Security Bulletins
added 2016/07/06 12:0 a.m., 68 views

Android Security Bulletin—July 2016

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware images have also been released to the Google Developer site...

CVSS 10 | AI score 9.7 | EPSS 0.01167
Exploits 0

Mozilla
added 2015/12/15 12:0 a.m., 47 views

Integer overflow allocating extremely large textures — Mozilla

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when allocating textures of extremely large sizes during graphics operations. This results in a potentially exploitable crash when triggered...

CVSS 7.5 | AI score 6.9 | EPSS 0.02306
Exploits 0 | References 2 | Affected Software 3

ThreatPost
added 2015/02/24 3:4 p.m., 9 views

Google Pwnium Program Now Open All Year

Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest a...

AI score 7.4
Exploits 0 | References 2

Mozilla
added 2014/10/14 12:0 a.m., 53 views

Out-of-bounds write with WebM video — Mozilla

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback...

CVSS 7.5 | AI score 9 | EPSS 0.01644
Exploits 0 | References 2 | Affected Software 4

FreeBSD
added 2014/10/14 12:0 a.m., 40 views

libvpx -- out-of-bounds write

The Mozilla Project reports: Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash...

CVSS 7.5 | AI score 9.2 | EPSS 0.01644
Exploits 0 | References 2

ThreatPost
added 2014/09/03 10:8 a.m., 10 views

Firefox 32 Debuts With Public-Key Pinning, Several Security Fixes

Mozilla has released Firefox 32, the latest version of its browser, which now supports public-key pinning and also includes fixes for several critical security vulnerabilities. The move to support public-key pinning is an important one for Firefox, as it helps protect users against...

AI score 7.5
Exploits 0 | References 10

securityvulns
added 2014/08/26 12:0 a.m., 110 views

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

Safari 6.1.6 and Safari 7.0.6 are now available and address the following: WebKit. Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4. Impact...

CVSS 6.8 | AI score 0.3 | EPSS 0.02117
Exploits 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 49 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-4457)

Mozilla Firefox was updated to the 4.0.1 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances,...

CVSS 10 | AI score 8.6 | EPSS 0.06848
Exploits 3 | References 6

Mozilla
added 2014/06/10 12:0 a.m., 46 views

Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution...

CVSS 10 | AI score 9.5 | EPSS 0.03334
Exploits 0 | References 6 | Affected Software 4

ThreatPost
added 2014/05/23 9:3 a.m., 36 views

May 2014 Apple Safari Browser Security Patches

Apple released an update to Safari yesterday patching 22 vulnerabilities in the WebKit browser engine that allow code execution or a browser crash. Safari 7.0.4 is available for OS X Mavericks 10.9 and Safari 6.1.4 for OS X Mountain Lion 10.8. The vulnerabilities could be exploited if the user wa...

CVSS 7.5 | AI score 9.4 | EPSS 0.02705
Exploits 0 | References 4

Mozilla
added 2014/04/29 12:0 a.m., 44 views

Buffer overflow when using non-XBL object as XBL — Mozilla

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is...

CVSS 9.8 | AI score 8.5 | EPSS 0.06412
Exploits 1 | References 2 | Affected Software 4

Mozilla
added 2014/04/29 12:0 a.m., 43 views

Use-after-free in the Text Track Manager for HTML video — Mozilla

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a...

CVSS 9.3 | AI score 8.8 | EPSS 0.01864
Exploits 0 | References 2 | Affected Software 2

Tenable Nessus
added 2013/11/17 12:0 a.m., 49 views

SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8491)

Mozilla Firefox has been updated to the 17.0.10ESR release, which fixes various bugs and security issues: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...

CVSS 10 | AI score 7.7 | EPSS 0.06864
Exploits 0 | References 25

Debian
added 2013/10/27 9:12 p.m., 35 views

[SECURITY] [DSA 2786-1] icu security update

Debian Security Advisory DSA-2786-1 [email protected] http://www.debian.org/security/ Michael Gilbert October 27, 2013 http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00934
Exploits 0

OpenVAS
added 2013/10/27 12:0 a.m., 33 views

Debian Security Advisory DSA 2786-1 (icu - several vulnerabilities)

The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library. OpenVAS Vulnerability Test $Id: deb2786.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2786-1 using nvtgen 1.0...

CVSS 7.5 | AI score 0.5 | EPSS 0.00934
Exploits 0 | References 1

OpenVAS
added 2013/10/26 12:0 a.m., 29 views

Debian: Security Advisory (DSA-2786-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.6 | EPSS 0.00934
Exploits 0 | References 3

Mozilla
added 2013/06/25 12:0 a.m., 42 views

Memory corruption found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution...

CVSS 10 | AI score 2.1 | EPSS 0.02451
Exploits 0 | References 6 | Affected Software 5

Mozilla
added 2013/05/14 12:0 a.m., 48 views

Memory corruption found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are...

CVSS 10 | AI score 1.5 | EPSS 0.03735
Exploits 0 | References 12 | Affected Software 4

FreeBSD
added 2013/03/26 12:0 a.m., 35 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 172342 High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. 180909 Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). 180555 Low CVE-2013-0918: Do not navigate dev tools upon drag an...

CVSS 7.5 | AI score 6.1 | EPSS 0.01242
Exploits 0 | References 1

ThreatPost
added 2013/01/29 2:25 p.m., 38 views

Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities

Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year. One of the key...

CVSS 9.3 | AI score 0.1 | EPSS 0.01664
Exploits 0 | References 3