Mozilla Firefox Security Advisory (MFSA2015-78) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Implant Teardown

Posted by Ian Beer, Project Zero In the earlier posts we examined how the attackers gained unsandboxed code execution as root on iPhones. At the end of each chain we saw the attackers calling posixspawn, passing the path to their implant binary which they dropped in /tmp. This starts the implant...

The IE 11 browser is the explosion of security vulnerabilities: remotely steal local PC file-bug warning-the black bar safety net

Recently security experts in the IE 11 browser on the found new vulnerabilities in the process. MHT saved page can allow a hacker to steal the PC on the file. More importantly. MHT file format the default processing application is the IE 11 browser, so even the Chrome as the default web browser o...

Airmail 3 Exploit Instantly Steals Info from Apple Users

Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said. Security...

Brave Software: Access to local file system using javascript

Hey, The browser can access the local files using iframes with a local html file. this is very normal and often used for local web development but javascript shouldn't be able to get the content of that iframe because this can be used to post the contents to the attackers server. something else I...

FFmpeg remote file stealing vulnerabilities – moving end of the safety analysis report-vulnerability warning-the black bar safety net

0x1 vulnerability of origin FFmpeg remote file stealing vulnerabilities original source is Foreign vulnerability of the platform,the last year has been in the CTF match is used. Official in January of this year released the fixed version and published the vulnerability number CVE-2 0 1 6-1 8 9...

SUSE-SU-2015:1476-1 Security update for MozillaFirefox, mozilla-nss

Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR bsc943608 MFSA 2015-94/CVE-2015-4497 bsc943557 Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 bsc943558...

Security update for MozillaFirefox (important)

update to Firefox 40.0 bnc940806 Added protection against unwanted software downloads Suggested Tiles show sites of interest, based on categories from your recent browsing history Hello allows adding a link to conversations to provide context on what the conversation will be about New style for...

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150807)

A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...

Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability

Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...

firefox: local file stealing via PDF reader

Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-78 Same origin violation and local file stealing via PDF reader...

HP WebInspect 10.4 - XML External Entity Injection

HP WebInspect 10.4 - XML External Entity Injection Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits...

Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/282/info A vulnerability in the Compaq Management Agents and the Compaq Survey Utility when running as an agent allows remote malicious users to steal local files. All Compaq Server and Client Management Agents version 4....

Internet Explorer 4.0/5.0 DHTML Edit ActiveX Control File Stealing and Cross Frame Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicous web sites to steal local files and to bypass cross-frame security rules. The DHTML...

Mac OS X Trojan Goes Bitcoin Mining, Steals Files

A new Trojan targeting Mac OS X users is not only after data, but Bitcoins as well. The malware is being detected by Sophos as Miner-D, but is also known as DevilRobber. According to Sophos, the Trojan is hiding inside pirated versions of the Mac OS X image editing application GraphicConverter...

Using Blended Browser Threats involving Chrome to steal files on your computer

For complete post with images, please visit http://securethoughts.com/2009/11/using-blended-browser-threats-involving-ch rome-to-steal-files-on-your-computer/ SECURETHOUGHTS.COM ADVISORY ============================================= - CVE-ID : CVE-2009-XXXX Chrome Pending - Release Date : Novembe...

Immunity Canvas: SAFARI_FILE_STEALING2

Name| safarifilestealing2 ---|--- CVE| CVE-2009-1699 Exploit Pack| CANVAS Description| Safari 3.2 XSL File Stealing Notes| CVE Name: CVE-2009-1699 VENDOR: Apple Reference: http://scary.beasts.org/security/CESA-2009-006.html Arugments: After you have placed your single file in the correct...

Ubuntu: Security Advisory (USN-619-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Foundation Security Advisory 2009-03

Mozilla Foundation Security Advisory 2009-03 Title: Local file stealing with SessionStore Impact: High Announced: February 3, 2009 Reporter: mozbugra4 Products: Firefox Fixed in: Firefox 3.0.6 Description Mozilla security researcher mozbugra4 reported that a form input control's type could be...