5743 matches found
Mozilla Patches Critical Bug in Thunderbird
Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high, one rated moderate and another low. Mozilla said Thunderbird, which also serves as a news, RSS and chat...
Security vulnerabilities fixed in Thunderbird 52.5.2 — Mozilla
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...
WordPress Super Simple Custom CSS 1.2 Cross Site Scripting Vulnerability
WordPress Super Simple Custom CSS plugin version 1.2 suffers from a persistent cross site scripting vulnerability. Vulnerable: Super Simple Custom CSS 1.2. Super Simple Custom CSS is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. A...
WordPress Super Simple Custom CSS 1.2 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Super Simple Custom CSS 1.2. Super Simple Custom CSS is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
WebKit - WebCore::SimpleLineLayout::RunResolver::runForPoint Out-of-Bounds Read Exploit
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1349 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC:...
[SECURITY] Fedora 27 Update: roundcubemail-1.3.3-1.fc27
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 26 Update: roundcubemail-1.3.3-1.fc26
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Firefox 57 "Quantum" Released – 2x Faster Web Browser
It is time to give Firefox another chance. The Mozilla Foundation today announced the release of its much awaited Firefox 57, aka Quantum web browser for Windows, Mac, and Linux, which claims to defeat Google's Chrome. It is fast. Really fast. Firefox 57 is based on an entirely revamped design an...
berg.com.tr XSS vulnerability
Open Bug Bounty ID: OBB-385726

| Description | Value |
|---|---|
| Affected Website: | berg.com.tr |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Cheat Sheet... |
GHSA-Q759-HWVC-M3JG actionpack Cross-site Scripting vulnerability
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
KLA11126 Multiple vulnerabilities in Apple Safari
Multiple serious vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting, bypass security restrictions, obtain sensitive information or execute arbitrary code. Below is a complete list of...
Avito: CSS injection in avito.ru via IE11
Hi Team Security @avito, I discovered CSS Injection on avito.ru in form search via IE11. Description: CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...
KLA11103 Multiple arbitrary code execution vulnerabilities in Adobe Flash Player
Multiple serious memory corruption vulnerabilities have been found in Adobe Flash Player versions earlier than 27.0.0.130. Malicious users can exploit these vulnerabilities to execute arbitrary code. NB: These vulnerabilities do not have any public CVSS ratings, so overall rating can be changed...
ROPEMAKER Exploit Allows for Changing of Email Post-Delivery
Researchers say a new exploitable attack vector for email, one that could enable the changing of email content post-delivery, could let attackers bypass security controls and trick victims into clicking through to a malicious site. Details of the exploit called ROPEMAKER, which stands for...
KLA11123 PE vulnerability in Xamarin.iOS
A serious vulnerability in Xamarin.iOS can be exploited locally to gain privileges. Technical details: To exploit this vulnerability, an attacker would have to log on to an affected system and create a folder at a particular location, which could be used by another process running with elevate...
Tor: Simple CSS line-height identifies platform
There are lots of ways to identify the Tor Browser. User-Agent string, limited time resolution, no media, etc. Assume you know it is the Tor Browser. Can you tell what platform? NOTE: This assumption is well within the scope of the Tor Browser. The Tor Browser does not hide the fact that it is th...
CVE-2017-2285
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...