Debian DSA-2464-2 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2012-0467 Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory...
Fedora Update for mozilla-https-everywhere FEDORA-2012-7175
The remote host is missing an update for the...
Fedora 16 : mozilla-https-everywhere-2.0.3-2.fc16 (2012-7136)
Fix a possible SSL downgrade vulnerability. Fix upstream bug 5676, which fixes an SSL downgrade attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much a...
[SECURITY] Fedora 15 Update: mozilla-https-everywhere-2.0.3-2.fc15
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to...
[SECURITY] Fedora 16 Update: mozilla-https-everywhere-2.0.3-2.fc16
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to...
[SECURITY] Fedora 17 Update: mozilla-https-everywhere-2.0.3-2.fc17
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to...
Fedora 16 : rubygems-1.8.11-3.fc16.1 (2012-6409)
With this new rubygems, an HTTPS connection no longer redirects to HTTP. Also, rubygems now verifies the SSL connection. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...
Fedora 15 : rubygems-1.7.2-5.fc15 (2012-6414)
With this new rubygems, an HTTPS connection no longer redirects to HTTP. Also, rubygems now verifies the SSL connection. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...
CVE-2012-2441
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a...
Session fixation
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a...
CVE-2012-2441
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a...
CVE-2012-2441
CVE-2012-2441 affects RuggedCom Rugged Operating System (ROS) versions prior to 3.3. A factory account password is derived from the MAC Address in the device banner, enabling remote attackers to gain access by authenticating via SSH or HTTPS. Related entry CVE-2012-1803 covers similar behavior en...
90% SSL sites vulnerable to the BEAST SSL attack
90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability...
Thunderbird 10.0.x < 10.0.4 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 10.0.x is potentially affected by the following security issues: - An off-by-one error exists in the 'OpenType Sanitizer' which can lead to out-of-bounds reads and possible code execution. (CVE-2011-3062) - Memory safety issues exist that could lead to arbitrary...
CVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content...
Code injection
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content...
Debian DSA-2457-2 : iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2012-0467 Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hal...
CVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content...
[SECURITY] [DSA 2457-1] iceweasel security update
Debian Security Advisory DSA-2457-1 http://www.debian.org/security/ Moritz Muehlenhoff April 24, 2012 http://www.debian.org/security/faq ...
Potential site identity spoofing when loading RSS and Atom feeds — Mozilla
Security researcher Jeroen van der Gun reported that if RSS or Atom XML invalid content is loaded over HTTPS, the addressbar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for...