3802 matches found
Mozilla Tackles XSS Vulnerabilities, Clickjacking Attacks
Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers. The project, called Content Security Policy, is designed to shut down XSS attacks by...
Social networking attacks target enterprise data
By Alex Rothacker, Team SHATTER. It seems as though the latest rash of threats and attacks all have a familiar ring to them: they’re all aimed at social networking sites like Twitter and Facebook, which is interesting, because smart attackers will use whatever means possible to get to the stuff th...
Threatpost News Wrap #3: Patch releases, RFC1918 attack
Threatpost editors Ryan Naraine and Dennis Fisher discuss this week’s massive patch releases by Microsoft, Adobe and Apple, the RFC1918 attack paper by Robert Hansen and who they’d pick in a rotisserie hacker draft. Show notes: New attack class exploits intranet weaknesses. The time has...
CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
Design/Logic Flaw
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
CVE-2009-1681
Removed by vendor...
CVE-2009-1681
Summary: CVE-2009-1681 affects WebKit in Apple Safari (and iPhone OS variants) where loading third-party content into a subframe bypasses the Same Origin Policy, enabling clickjacking. The connected documents provide detailed CVE entries and advisories, notably Debian DSA-1950-1 and openVAS/Nessu...
Internet Explorer 8 includes a bevy of security features
By Robert Westervelt, SearchSecurity.com. Microsoft has officially released Internet Explorer 8 today (microsoft.com) with a number of new security features to improve privacy and protect against phishing and cross-site-scripting attacks. From the article: Microsoft is trying to mitigate some of the...
The Ryan & Roel Show Episode 2
Clickjacking: Ryan and Roel tackle browser-threat hype – Tue, October 21, 2008. The cross-browser clickjacking threat, malware on new Asus EEE machines, phishing and the elections/financial crisis, the iPhone security mess, Microsoft Patch Tuesday and the exploding fraudware/rogueware problems...
GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200903-23 (Adobe Flash Player: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of System.setClipboard() allows ActionScript programs to execute the method without user...
Adobe Flash Player Multiple Vulnerabilities (Mar 2009) - Linux
Adobe Products is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
This host is installed with Adobe Products and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeflashplayermultvulnmar09lin.nasl 6476 2017-06-29 07:32:00Z cfischer $ Adobe Flash Player Multiple Vulnerabilities - Mar09 Linux Authors: Sharath S Copyright: Copyright c 200...
Adobe Flash Player: Multiple vulnerabilities
Background: The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description: Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of System.setClipboard...
CVE-2009-0114
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."...
CVE-2009-0522
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."...
Design/Logic Flaw
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."...