
5252 matches found

RedHat Linux
added 2017/08/10 11:20 p.m. | 4 views

Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.1 CVSS | 7.3 AI score | 0.03186 EPSS
Exploits 1 | References 5

UbuntuCve
added 2017/08/10 12:0 a.m. | 24 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.1 CVSS | 6.9 AI score | 0.03186 EPSS
Exploits 1 | References 3

OSV
added 2017/08/10 12:0 a.m. | 1 views

UBUNTU-CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.1 CVSS | 7 AI score | 0.03186 EPSS
Exploits 1 | References 4

UbuntuCve
added 2017/08/09 6:29 p.m. | 23 views

CVE-2015-2312

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements...

7.8 CVSS | 7.1 AI score | 0.01887 EPSS
Exploits 0 | References 2

RedhatCVE
added 2017/08/09 1:49 a.m. | 37 views

CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.1 CVSS | 3 AI score | 0.03186 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2017/07/27 12:0 a.m. | 33 views

Fedora 24 : webkitgtk4 (2017-37f68e3534)

This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...

8.8 CVSS | 7.7 AI score | 0.01827 EPSS
Exploits 0 | References 2

Prion
added 2017/07/20 4:29 p.m. | 22 views

Code injection

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements...

4.3 CVSS | 5.4 AI score | 0.01267 EPSS
Exploits 0 | References 5 | Affected Software 2

Debian CVE
added 2017/07/20 4:0 p.m. | 21 views

CVE-2017-7011

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements...

6.5 CVSS | 6.6 AI score | 0.01267 EPSS
Exploits 0

Tenable Nessus
added 2017/07/10 12:0 a.m. | 28 views

Fedora 25 : webkitgtk4 (2017-bff1b87765)

This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...

8.8 CVSS | 7.7 AI score | 0.01827 EPSS
Exploits 0 | References 2

Packet Storm
added 2017/07/07 12:0 a.m. | 36 views

Firefox 54.0.1 Denial Of Service

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0.1 Vulnerability Type:...

7.4 AI score
Exploits 0

exploitpack
added 2017/07/07 12:0 a.m. | 14 views

Firefox 54.0.1 - Denial of Service

Firefox 54.0.1 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0....

7.3 AI score
Exploits 0

Exploit DB
added 2017/07/07 12:0 a.m. | 60 views

Firefox 54.0.1 - Denial of Service

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0.1 Vulnerability Type:...

7.4 AI score
Exploits 0

Prion
added 2017/06/15 1:29 a.m. | 26 views

Security feature bypass

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microso...

4.3 CVSS | 4.8 AI score | 0.12535 EPSS
Exploits 0 | References 2

Veracode
added 2017/06/06 1:40 a.m. | 17 views

Access Restriction Bypass

Moodle is susceptible to access restriction bypass. The bypass exists because frozen form elements are not handled properly. Therefore, it allows authenticated users to manipulate them when submitting form data...

4 CVSS | 6 AI score | 0.01135 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2017/05/19 2:43 a.m. | 210 views

CVE-2017-5173

Geutebrück G-Cam/EFD-2250 (Firmware 1.11.0.12) is affected by two CVEs: CVE-2017-5173 (Improper neutralization of special elements in OS commands) and CVE-2017-5174 (Authentication bypass). CVE-5174 enables remote authentication bypass; CVE-5173 can allow remote code execution via crafted reque...

10 CVSS | 9.7 AI score | 0.29578 EPSS
In wild | Exploits 4 | References 3 | Affected Software 1

Cvelist
added 2017/05/19 2:43 a.m. | 17 views

CVE-2017-5173

An Improper Neutralization of Special Elements in an OS command issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call...

9.8 AI score | 0.29578 EPSS
Exploits 4 | References 3

ATTACKERKB
added 2017/05/19 12:0 a.m. | 362 views

CVE-2017-5173

An Improper Neutralization of Special Elements in an OS command issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call...

10 CVSS | 6.7 AI score | 0.29578 EPSS
In wild | Exploits 4 | References 4

RedHat Linux
added 2017/05/08 6:45 a.m. | 5 views

Mozilla: Use-after-free during style changes (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8 CVSS | 7.3 AI score | 0.02665 EPSS
Exploits 0 | References 5

CNVD
added 2017/05/08 12:0 a.m. | 3 views

GitLab Cross-Site Scripting Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...

6.1 CVSS | 5.9 AI score | 0.00878 EPSS
Exploits 1 | References 1

Zero Day Initiative
added 2017/05/02 12:0 a.m. | 43 views

Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

6.8 CVSS | 4.6 AI score | 0.03362 EPSS
Exploits 0 | References 1