821 matches found
Arbitrary Code Execution
Firefox and Firefox ESR are vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable Developer Tools component to allow code execution when opening a malicious page with the style editor tool due to improper sanitization of the web page source...
Privilege Escalation
Firefox is vulnerable to privilege escalation attacks. The JSON viewer in the Developer Tools use insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data which allows a remote user to monitor the network and obtain potentially sensitive information in...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
Command injection
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash o...
CVE-2019-9804
CVE-2019-9804 is a macOS-specific issue in Firefox Developer Tools where pasting the output of the ‘Copy as cURL’ command could cause the execution of unintended additional bash commands if the URL was maliciously crafted. The root cause is tied to how the native Bash on macOS handles the pasted ...
Google Chrome Developer Tools Incorrect Escape Vulnerability
Google Chrome is a web browser from Google, and Developer Tools is one of the developer tools components. A security vulnerability exists in Developer Tools in Google Chrome versions prior to 74.0.3729.108. The vulnerability can be exploited by an attacker to bypass security restrictions and gain...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 74 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 74.0.3729.108 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcomin...
KLA11459 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS...
Commando VM - The First of Its Kind Windows Offensive Distribution
Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 GB RAM Instructions 1. Create and configure a new Windows Virtual Machine...
Mozilla Firefox Firefox Developer Tools Code Execution Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Firefox Developer Tools is one of the developer tools component. A security vulnerability exists in Firefox Developer Tools in versions of Mozilla Firefox prior to 66 on the macOS platform. The vulnerability can be exploite...
KLA11433 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A tampering vulnerability in NuGet Package Manager can be exploited remotely to spoo...
[SECURITY] [DSA 4395-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq -...
Debian DSA-4395-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-17481 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation. - CVE-2019-5755 Jay Bosamiya discovered an implementation erro...
KLA11419 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A...
CVE-2018-6111
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...
CVE-2018-6111
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...