1551 matches found
Fedora 26 : qt5-qtwebengine (2018-c0d3db441f)
This update updates QtWebEngine to the 5.10.1 bugfix and security release. QtWebEngine 5.10.1 is part of the Qt 5.10.1 release, but only the QtWebEngine component is included in this update. This update includes : - Security fixes from Chromium up to version 64.0.3282.140. Including:...
Security vulnerabilities fixed in Firefox 56 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...
chromium-browser: ui spoofing in blink
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page...
April 25, 2017—KB4016240 (OS Build 15063.250)
None None...
Chrome Universal XSS via fullscreen element updates (CVE-2016-5207)
VULNERABILITY DETAILS From /thirdparty/WebKit/Source/core/dom/Fullscreen.cpp: void Fullscreen::didEnterFullscreenForElementElement element ... // FIXME: This should not call updateStyleAndLayoutTree. document-updateStyleAndLayoutTree; ... Indeed. |didEnterFullscreenForElement| may be called in th...
SUSE-SU-2016:3105-1 Security update for MozillaFirefox, mozilla-nss
This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 bsc1009026: - CVE-2016-9079: Use-after-free in SVG Animation bsc1012964 MFSA 2016-92 - CVE-2016-5297: Incorrect argument length checking in Javascript...
UBUNTU-CVE-2016-5187
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox URL bar via crafted HTML pages...
CVE-2016-5174
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
CVE-2016-5174
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
CVE-2016-5174
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
Design/Logic Flaw
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
UBUNTU-CVE-2016-5174
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
chromium-browser: popup not correctly suppressed
browser/ui/cocoa/browserwindowcontrollerprivate.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service unsuppressed popup via a crafted web site...
Google Chrome < 53.0.2785.113 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 53.0.2785.113. It is, therefore, affected by multiple vulnerabilities as referenced in the 201609stable-channel-update-for-desktop13 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (SUSE-SU-2016:1691-1)
MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues. Mozilla Firefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed : - CVE-2016-2834: Memory safety bugs in NSS MFSA...
SUSE-SU-2016:1799-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss
MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS MFSA 2016-61 bsc983639. -...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-704)
This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...
CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service UI outage, or conduct clickjacking or spoofing attacks, via a crafted web site...
DEBIAN-CVE-2016-2831
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service UI outage, or conduct clickjacking or spoofing attacks, via a crafted web site...
Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 47 fixes the following issues boo983549: Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free deletin...