57 matches found
EUVD-2010-0495
Malware in sbrugna...
EUVD-2009-4595
Malware in sbrugna...
EUVD-2009-4594
Malware in sbrugna...
EUVD-2010-3792
Malware in sbrugna...
EUVD-2010-3808
Malware in sbrugna...
EUVD-2010-0494
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2010-3829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching...
Mozilla Firefox and Thunderbird Information Disclosure Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. Mozilla Firefox and Thunderbird have an information disclosure vulnerability that is caused by a CSP violation...
SUSE CVE-2009-4630
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the...
SUSE CVE-2009-4629
Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APPTYPEMAIL or APPTYPEEDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as...
Access Restrictions Bypass
WebKitGTK+ is vulnerable to access restriction bypass. The attack exists because of a flaw found in the way WebKit handled DNS prefetching. Even when it was disabled, web content containing certain "link" elements could cause WebKitGTK+ to perform DNS prefetching...
JamieWeb: Security headers missed on https://acme-validation.jamieweb.net/
Summary: Hi JamieWeb team, the https://acme-validation.jamieweb.net/ domain doesn't present some important security headers. The X-DNS-Prefetch-Control header isn't specified with value off, so is enabled b default on modern web browsers, and can lead to information disclosure...
Oracle Linux 6 : webkitgtk (ELSA-2011-0177)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0177 advisory. 1.2.6-2 - Added fix for js regression 1.2.6-1 - Update to 1.2.6 Tenable has extracted the preceding description block directly from the Oracle Linux...
Scientific Linux Security Update : webkitgtk on SL6.x i386/x86_64
Multiple memory corruption flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application. CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785,...
RHEL 6 : webkitgtk (RHSA-2011:0177)
Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS...
Moderate: Red Hat Security Advisory: webkitgtk security update
Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
Design/Logic Flaw
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to...
CVE-2010-3829
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to...
CVE-2010-3829
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to...