74 matches found
CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
CVE-2017-7835
CVE-2017-7835 affects Mozilla Firefox < 57.0. The issue is that mixed content blocking for insecure (HTTP) sub-resources in HTTPS pages failed for resources that redirect from HTTPS to HTTP, allowing blocked content such as scripts to load. The connected Nessus/Ubuntu advisories corroborate th...
CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
Ubuntu: Security Advisory (USN-3477-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3477-3: Firefox regressions
USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafte...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox regression (USN-3477-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3477-2 advisory. USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search...
USN-3477-2 firefox regression
USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3477-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3477-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...
Mozilla Firefox Security Advisories (MFSA2017-24, MFSA2017-25) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Security Advisories (MFSA2017-24, MFSA2017-25) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
UBUNTU-CVE-2017-7835
Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...
palemoon -- multiple vulnerabilities
Pale Moon reports: CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers CVE-2017-7835: Mixed content blocking incorrectly applies with redirects CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags...
CVE-2017-3814
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0...
CVE-2017-3814
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0...
Apple iTunes < 12.3.2 Multiple Vulnerabilities (uncredentialed check)
The version of Apple iTunes running on the remote Windows host is prior to 12.3.2. It is, therefore, affected by multiple vulnerabilities in the WebKit component : - Multiple memory corruption issues exists that an attacker can exploit to cause a denial of service or execute arbitrary code...
Apple iTunes < 12.3.2 Multiple Vulnerabilities (credentialed check)
The version of Apple iTunes installed on the remote Windows host is prior to 12.3.2. It is, therefore, affected by multiple vulnerabilities in the WebKit component : - Multiple memory corruption issues exists that an attacker can exploit to cause a denial of service or execute arbitrary code...
SonicWall SOHO3 6.3 Content Blocking Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4755/info The Sonicwall SOHO3 is an Internet security appliance that provides firewall security solutions. Reportedly, a vulnerability exists in the product that allows for a script injection attack to be launched from a...
Mozilla Fixes 10 Vulnerabilities with Firefox 25
Mozilla released the 25th version of its mobile and desktop Firefox browser yesterday, fixing 10 vulnerabilities, five of them critical. The United States Computer Emergency Readiness Team US-CERT warned yesterday the vulnerabilities could let an attacker execute arbitrary code, bypass access...
Firefox Adds Mixed Content Blocking by Default
The proliferation of SSL-protected sites has been a boon for security conscious Web users in the last couple of years, as more and more sites have taken the step of offering encrypted connections for sensitive sessions. But one of the problems that’s cropped up is that the dynamic nature of today...