Mozilla Firefox ESR Security Advisories (MFSA2017-01, MFSA2017-02) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

UBUNTU-CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

Debian DSA-3731-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5181 A cross-site scripting issue was discovered. - CVE-2016-5182 Giwan Go discovered a heap overflow issue. - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5184 Another...

CVE-2016-5164

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

Cross site scripting

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

CVE-2016-5164

Removed by vendor...

CVE-2016-5165

CVE-2016-5165 is a Cross-site Scripting vulnerability in Google Chrome’s DevTools (DevTools subsystem) allowing remote attackers to inject arbitrary web script or HTML via the settings parameter of a chrome-devtools-frontend.appspot.com URL query string. Affected: Google Chrome on Windows, macOS ...

Debian Security Advisory DSA 3660-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5147 A cross-site scripting issue was discovered. CVE-2016-5148 Another cross-site scripting issue was discovered. CVE-2016-5149 Max Justicz discovered a script injection issue in extension handling. CVE-2016-5150 ...

DSA-3660-1 chromium-browser - security update

Bulletin has no description...

CVE-2016-5164

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

CVE-2016-5165

Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...

CVE-2016-5164

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

chromium: multiple issues

CVE-2016-5139 arbitrary code execution Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have other unspecified impact via crafted JPEG 2000 data. -...

Debian DSA-3645-1 : chromium-browser - security update

Several vulnerabilites have been discovered in the chromium web browser. - CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. - CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. - CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issu...

[SECURITY] [DSA 3645-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3645-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3645-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3645-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3645-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue...