NoScript Anywhere Released, Supports Firefox Mobile on Android Devices

The new version of NoScript, the popular browser add-on that blocks JavaScript and other embedded objects from running on Web pages, is out in alpha form and it can now run on Android-based smartphones, giving users protection against script-based attacks on their mobile devices. The release of...

Debian: Security Advisory (DSA-2291-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

DEBIAN-CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

Hardcoded credentials

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-3127

CVE-2011-3127 affects WordPress: versions 3.1 before 3.1.3 and 3.2 before Beta 2 do not prevent framing of admin or login pages, enabling clickjacking via a crafted site. Root cause: missing frame-embedding protection. Impact is remote via crafted site; mitigation is upgrading to WordPress 3.1.3 ...

CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

WordPress <= 3.1.2 - Clickjacking Attacks

This WordPress version does not prevent rendering for admin or login pages inside a frame in a third-party HTML document. It allows the attackers to conduct clickjacking attacks via a crafted web site. Solution Update WordPress...

Debian DSA-2291-1 : squirrelmail - various vulnerabilities

Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2010-4554 SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote...

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

Hardcoded credentials

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2011-2892

CVE-2011-2892 affects Joomla! 1.6.x before 1.6.2; the issue is that rendering can occur in a frame from a third-party HTML document, enabling clickjacking via a crafted site. Exploitation details are not provided in the documents; no remediation details are explicitly stated.

Fedora 14 : squirrelmail-1.4.22-2.fc14 (2011-9309)

fixes : - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user...

Fedora 15 : squirrelmail-1.4.22-2.fc15 (2011-9311)

fixes : - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user...

T Online Browser v6.x - ClickJacking Vulnerability

Document Title: =============== T Online Browser v6.x - ClickJacking Vulnerability Release Date: ============= 2011-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 143 Product & Service Introduction: =============================== Mit dem vielseitigen Browser 6.0...