CVE-2015-2713

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a document containing crafted text in...

CVE-2015-2713

CVE-2015-2713 is a use-after-free in Mozilla Firefox (SetBreaks) affecting Firefox before 38.0, Firefox ESR before 31.7, and Thunderbird before 31.7. An attacker could craft a document with specific CSS tokens for vertical text to cause heap memory corruption, enabling remote code execution or a ...

CVE-2015-2710

CVE-2015-2710 is a memory-safety vulnerability in Mozilla Firefox and Thunderbird where the SVGTextFrame handles crafted SVG/CSS data, causing a heap-based buffer overflow. A remote attacker could potentially execute arbitrary code by enticing a user to open specially crafted content. The issue a...

Mozilla Thunderbird SVG Content and CSS Handling Buffer Overflow Vulnerability

Mozilla Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A buffer overflow vulnerability exists in Mozilla Thunderbird's handling of SVG content and CSS, which allows remote attackers to exploit the vulnerability by submitting a specially crafted HTML message that c...

Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary...

UBUNTU-CVE-2015-2710

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets CSS token sequence...

Firefox < 38.0 Multiple Vulnerabilities

The version of Firefox installed on the remote Windows host is prior to 38.0. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists in the Inter-process Communications IPC implementation due to a failure to validate the identity of a listener...

Firefox < 38.0 Multiple Vulnerabilities (Mac OS X)

The version of Firefox installed on the remote Mac OS X host is prior to 38.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code...

Firefox 38 Fixes 13 Flaws, Ships With DRM Support

Mozilla has fixed 13 security flaws in Firefox 38, including five critical vulnerabilities. The new version of the browser also includes a feature that enables the use of DRM-enabled video content in Firefox, a decision that comes with some controversy. DRM digital rights management, the generic...

Buffer overflow with SVG content and CSS — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash...

[SECURITY] Fedora 22 Update: drupal7-ctools-1.7-1.fc22

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

Microsoft Internet Explorer CQuotes Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

KLA10536 Multiple vulnerabilities in Citrix NetScaler

Multiple serious vulnerabilities have been found in Citrix NetScaler. Malicious users can exploit these vulnerabilities to execute or inject arbitrary code and conduct XSS attack. Below is a complete list of vulnerabilities 1. XSS vulnerability can be exploited remotely via a specially designed...

[SECURITY] Fedora 21 Update: drupal7-ctools-1.7-1.fc21

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

Internet Explorer HTML CSS Tag Rendering Memory Corruption (MS10-018) - Ver2 (CVE-2010-0807)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer to exit unexpectedly...

openSUSE Security Update : seamonkey (openSUSE-2015-250)

SeaMonkey was updated to 2.33 bnc917597 - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards - MFSA 2015-12/CVE-2015-0833 bmo945192 Invoking Mozilla updater will load locally stored DLL files Windows only - MFSA 2015-13/CVE-2015-0832 bmo1065909 Appended period to hostnam...

KLA10504 Multiple vulnerabilities in Cisco products

Multiple serious vulnerabilities have been found in Cisco products. Below is a complete list of vulnerabilities 1. Improper serial port restrictions in Cisco Virtual TelePresence Server Software can be exploited locally via a specially designed OS commands; 2. An unknown vulnerability in Cisco CS...

Mozilla Firefox < 36.0 Multiple Vulnerabilities

Binary data 8653.prm...

SA-CONTRIB-2015-075 - Perfecto - Open Redirect

The Perfecto module allows themers accurately calibrate the CSS by floating compositions over the page. The module doesn't sufficiently check user supplied URLs in parameters used for page redirection. An attacker could trick users to visit malicious sites without realizing it. CVE identifiers...

Microsoft Internet Explorer BuildAnimation Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability lies in Internet...