The vulnerability of the SeaMonkey software allows a malicious actor to compromise the confidentiality and integrity of protected information.

The vulnerability in the implementation of XrayWrapper in Mozilla Firefox and SeaMonkey allows malicious actors to bypass access restrictions by using a specially crafted web page, provided that the user visits it through a debugger. This enables operations such as unwrapping and calling DOM...

The vulnerability of Google Chrome browser allows a malicious actor to compromise the confidentiality and integrity of protected information.

The vulnerability exists in the API extension for Debugger in the browser/extensions/api/debugger/debuggerapi.cc module in Google Chrome, due to the lack of checking for the URL scheme of the tab before attaching. Exploiting this vulnerability allows malicious actors to circumvent access...

GDB Front End: PINCE

GDB Front End: PINCE is not Cheat Engine PINCE is a front-end/reverse engineering tool for the GNU Project Debugger GDB, focused on games. But it can be used for any reverse-engineering related stuff. PINCE is an abbreviation for “PINCE is not Cheat Engine”. PINCE’s GUI is heavily “inspired;D” by...

RHEL 7 : ocaml (RHSA-2016:1296)

An update for ocaml is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator Invalid Read

Foxit PDF Reader 1.0.1.0925 - CFXWideString::operator Invalid Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=745 We have identified the following crash due to an invalid read in Foxit PDF Reader version 1.0.1.0925 for Linux 64-bit, when started with a specially crafted PDF...

Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the libbacktrace/Backtrace.cpp function in the Android operating system’s debugger component is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to enhance their privileges through an application that...

[SECURITY] Fedora 23 Update: ocaml-4.02.2-5.fc23

OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package comprises two batch compilers a fast bytecode compiler and an optimizing native-code compiler, an interactive toplevel system, parsing tools Lex,Yacc, a replay...

[SECURITY] Fedora 24 Update: ocaml-4.02.3-3.fc24

OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package comprises two batch compilers a fast bytecode compiler and an optimizing native-code compiler, an interactive toplevel system, parsing tools Lex,Yacc, a replay...

Extensible Debugger UI For Hackers: Voltron

Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers LLDB, GDB, VDB and WinDbg by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you ca...

[SECURITY] Fedora 24 Update: seamonkey-2.40-1.fc24

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

[SECURITY] Fedora 22 Update: seamonkey-2.40-1.fc22

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

[SECURITY] Fedora 23 Update: seamonkey-2.40-1.fc23

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

FLARE Script Series: Automating Obfuscated String Decoding

Introduction We are expanding our script series beyond IDA Pro. This post extends the FireEye Labs Advanced Reverse Engineering FLARE script series to an invaluable tool for the reverse engineer – the debugger. Just like IDA Pro, debuggers have scripting interfaces. For example, OllyDbg uses an...

[SECURITY] Fedora 23 Update: seamonkey-2.39-1.fc23

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

[SECURITY] Fedora 22 Update: seamonkey-2.39-1.fc22

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

[SECURITY] Fedora 21 Update: seamonkey-2.39-1.fc21

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...