5123 matches found
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2)
USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If the user wer...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
CVE-2013-1698
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
Design/Logic Flaw
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element...
Code injection
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
CVE-2013-1695
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element...
CVE-2013-1698
CVE-2013-1698 is MFSA 2013-60 describing a getUserMedia permission dialog issue in Mozilla Firefox prior to 22.0, where the dialog displays the top-level page URL instead of the specific page URL, enabling a crafted site to trick users into granting camera/microphone access. Affected product: Moz...
CVE-2013-1695
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element...
getUserMedia permission dialog incorrectly displays location — Mozilla
Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions...
WHMCS CSRF All Versions Vulnerability
Exploit for php platform in category web applications. Exploit Title: WHMCS CSRF All Versions 0day; Team: MaDLeeTs; Software Link: http://www.whmcs.com; Version: All; Site: http://www.MaDLeeTs.com; Email: [email protected]; Video: http://vimeo.com/63686629 https://TARGETS...
Cross site scripting
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
CVE-2013-1012
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
UBUNTU-CVE-2013-1012
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
CVE-2013-1012
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements...
Cisco Iframe Injection
Dear Support, I have found iframe injection on newsroom.cisco.com. Affected URL: http://newsroom.cisco.com/blair-christie?articleId=%27%22%3E%3Ciframe%20src=%22http://www.avsecurity.in%22%20width=%221000%22%20height=%221000%22%3E/ Below is the description for the same. IFrame Injection: Using...
CKEditor < 4.1 Drupal 6.x & 7.x - Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent XSS in wysiwyg CKEditor + Disclosure and Fix: This was disclosed to Drupal on 20/01/13, and was fixed with the release of ckeditor 4.1...
Drupal Module CKEditor < 4.1 WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting
Exploit Title: Persistent XSS in wysiwyg CKEditor + Disclosure and Fix: This was disclosed to Drupal on 20/01/13, and was fixed with the release of ckeditor 4.1 21/03/13...
Microsoft Fix It a Temporary Patch for IE 8 Zero Day Flaw
Microsoft has released a Fix-It to address an Internet Explorer 8 zero-day that was exploited in a watering hole attack against the U.S. Department of Labor website last week. The Fix It is a temporary mitigation until a patch is released. Microsoft’s next scheduled Patch Tuesday security updates...
Mandriva Linux Security Advisory : otrs (MDVSA-2013:112)
Updated otrs package fixes security vulnerabilities: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allo...
Move Over Conficker, Web Threats are Top Enterprise Risk
Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is...