EUVD-2015-1370

Malware in sbrugna...

Ubuntu 14.04 LTS : Firefox regression (USN-2880-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2880-2 advisory. USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update...

USN-2880-1: Firefox vulnerabilities

Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...

Code injection

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

CVE-2015-5841

CVE-2015-5841 concerns the CFNetwork Proxies component on macOS/iOS. Root cause: improper handling of a Set-Cookie header in HTTP CONNECT responses, enabling a remote proxy to inject cookies via a crafted response. Public references in Apple advisories show mitigation by removing the Set-Cookie h...

CVE-2015-1229

net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...