12 matches found

SUSE CVE
added 2023/02/15 4:49 a.m., 2 views

SUSE CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

5.5 CVSS, 5.4 AI score, 0.00182 EPSS
Exploits 0, References 4
Tenable Nessus
added 2017/05/15 12:0 a.m., 49 views

Debian DSA-3849-1 : kde4libs - security update

Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not...

7.8 CVSS, 6.6 AI score, 0.00308 EPSS
Exploits 3, References 7
OpenVAS
added 2017/05/12 12:0 a.m., 30 views

Debian Security Advisory DSA 3849-1 (kde4libs - security update)

Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitiz...

7.2 CVSS, 0.4 AI score, 0.00308 EPSS
Exploits 3, References 1
Mageia
added 2017/03/23 7:19 a.m., 35 views

Updated kdelibs4 packages fix security vulnerability

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part user:password@host, and in the path and th...

5.5 CVSS, 0.3 AI score, 0.00182 EPSS
Exploits 0, References 2
RedhatCVE
added 2017/03/02 5:21 p.m., 29 views

CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

5.5 CVSS, 4.8 AI score, 0.00182 EPSS
Exploits 0, References 2
NVD
added 2017/03/02 6:59 a.m., 15 views

CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

5.5 CVSS, 5.4 AI score, 0.00182 EPSS
Exploits 0, References 3
Cvelist
added 2017/03/02 6:0 a.m., 20 views

CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

5.3 AI score, 0.00182 EPSS
Exploits 0, References 3
RedHat Linux
added 2006/07/29 12:16 a.m., 4 views

security flaw

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...

7.5 CVSS, 7.6 AI score, 0.02341 EPSS
Exploits 0, References 4
RedHat Linux
added 2006/07/28 11:22 p.m., 2 views

security flaw

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...

7.5 CVSS, 7.6 AI score, 0.02341 EPSS
Exploits 0, References 4
OSV
added 2006/07/27 8:4 p.m., 1 views

DEBIAN-CVE-2006-3808

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...

7.5 CVSS, 8.7 AI score, 0.02341 EPSS
Exploits 0, References 1
RedHat Linux
added 2006/07/27 7:53 p.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig PAC servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...

7.5 CVSS, 7.6 AI score, 0.02341 EPSS
Exploits 0, References 4
Mozilla
added 2006/07/25 12:0 a.m., 27 views

PAC privilege escalation using Function.prototype.call — Mozilla

mozbugra4 reports that a malicious Proxy AutoConfig PAC server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a...

7.5 CVSS, 1.4 AI score, 0.02341 EPSS
Exploits 0, References 1, Affected Software 2