95 matches found
Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
openSUSE Security Update : MozillaFirefox (openSUSE-2017-921)
This update to Mozilla Firefox 52.3esr fixes a number of security issues. The following vulnerabilities were advised upstream under MFSA 2017-19 boo1052829 : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection -...
Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
UBUNTU-CVE-2017-7791
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
CVE-2017-7791
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
Security vulnerabilities fixed in Firefox ESR 52.3 — Mozilla
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...
PT-2017-19223 · Sma Solar Technology · Sunny Tripower +3
Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products affected versions not specified Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30 Description: The SMAdata2+ communication protocol in SMA Solar Technology products does not properly us...
DEBIAN-CVE-2017-11406
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values...
Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...
CVE-2017-5386
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...
UBUNTU-CVE-2017-5386
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...
CVE-2017-5386
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...
Security vulnerabilities fixed in Firefox 51 — Mozilla
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...
New Relic: [login.newrelic.com] XSS via return_to
The returnto parameter is not validated properly, which allows an attacker to execute javascript via the data: protocol: https://login.newrelic.com/login?returnto=data:text/html%3Bbase64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg%3D%3D Despite being executed not in the newrelic domain, the script still c...
Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing
Binary data 9017.prm...
Apple Safari SOP bypass (CVE-2015-3753)
Damien Antipa and me love browser security. Hence we always keep up to date on what is going on this field. Few months ago Christian Schneider blogged about Chrome SOP Bypass with SVG. We decided to poke some other browser using the same technique and the outcome was CVE-2015-3753. The SOP-bypass...
TextSecure to Drop Support for Encrypted SMS
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security an...
Microsoft Windows multiple security vulnerabilities
Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS...
Denial of service
The WCF Replace function in the Open Data aka OData protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service resource consumption and daemon restart via craft...
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
This host is missing an important security update according to Microsoft Bulletin MS13-004. OpenVAS Vulnerability Test $Id: secpodms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Open Data Protocol DOS Vulnerability 2769327 Authors: Antu Sanadi Copyright: Copyright c 2013...