27 matches found
MiracleLinux 7 : firefox-60.7.0-1.0.1.el7.AXS7 (AXSA:2019-3895:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3895:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 Mozilla: Cross-origin theft of images with createImageBitmap...
EUVD-2019-3412
Malware in sbrugna...
A week in security (November 06 – November 12)
Last week on Malwarebytes Labs: Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23 Medical research data Advarra stolen after SIM swap Okta breach happened after employee logged into personal Google account Introducing ThreatDown: A new chapter for Malwarebytes...
SUSE CVE-2019-11742
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
Mozilla Firefox Security Advisory (MFSA2011-51) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Shopify: [Information Disclosure] Amazon S3 Bucket of Shopify Ping (iOS) have public access of other users image
Hello Shopify, when testing Shopify Ping share image function, I discovered an Amazon S3 bucket which has public access which allows an attacker to view all the images of other merchants & users. Steps To Reproduce: 1. Install Shopify Ping on your phone then enable Shopify Chat for your store. 2. G...
CVE-2019-11742
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
DEBIAN-CVE-2019-11742
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
Mozilla Firefox Unauthorized Access Vulnerability (CNVD-2019-30438)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An unauthorized access vulnerability exists in Mozilla Firefox versions prior to 69, which can be exploited by attackers to steal images across domains...
UBUNTU-CVE-2019-11742
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
CVE-2019-9817
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)
Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9800 - Mozilla: Cross-origin theft of images with createImageBitmap CVE-2019-9797 - Mozilla: Stealing of cross-domain images using canvas CVE-2019-9817 - Mozilla: Compartment mismatch with fetch API...
Mozilla: Cross-origin theft of images with createImageBitmap
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...
SUSE-SU-2019:1405-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694:...
Mozilla: Cross-origin theft of images with createImageBitmap
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...
openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9)
Mozilla Firefox and Thunderbird were updated to version 8.0 which fixes several security vulnerabilities : - MFSA 2011-52 - Code execution via NoWaiverWrapper CVE-2011-3655 - MFSA 2011-51 - Cross-origin image theft on Mac with integrated Intel GPU CVE-2011-3653 - MFSA 2011-50 - Cross-origin data...
Mozilla Thunderbird < 24.2 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 24.2 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-5609, CVE-2013-5610 - Two use-after-free...
Firefox < 26.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 26.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-5609, CVE-2013-5610 - An issue exists where the...
JPEG information leak — Mozilla
Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft...
Mozilla Firefox < 8.0 Multiple Vulnerabilities