Debian Security Advisory DSA 3376-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library...

DSA-3376-1 chromium-browser - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3376-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2015-6584

Cross-site scripting XSS vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php...

Compass Rose - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-138

Compass Rose module provides a type of CCK field that allows to represent the most common orientations North, North-East, East, South-East, South, South-West, West and North-West. The module was embedding a JavaScript library from an external source that was not reliable, thereby exposing the sit...

SWFupload 2.5.0 Cross Frame Scripting

Document Title: =============== SWFupload 2.5.0 - Cross Frame Scripting XFS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1422 Release Date: ============= 2015-01-25 Vulnerability Laboratory ID VL-ID: ====================================...

SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability

Document Title: =============== SWFupload 2.5.0 - Cross Frame Scripting XFS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1422 Release Date: ============= 2015-01-25 Vulnerability Laboratory ID VL-ID: ====================================...

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...

Firefox ESR 24.x < 24.7 Multiple Vulnerabilities

The version of Firefox ESR 24.x installed on the remote host is prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities

The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...

Firefox < 31.0 Multiple Vulnerabilities

The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

Firefox ESR 24.x< 24.7 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 24.x installed on the remote host is prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird 24.x installed on the remote host is a version prior to 24.7. It is, therefore, affected by the following vulnerabilities : - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs...

CVE-2014-1556

CVE-2014-1556 affects Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7. The root cause is a flaw in WebGL content, constructed with the Cesium JavaScript library, that allows remote attackers to execute arbitrary code. Exploitation would occur via crafted Web...

Firefox 31 Patches 11 Security Flaws

Mozilla has released a new version of Firefox, which includes patches for 11 security vulnerabilities. Three of the bugs fixed in Firefox 31 are critical, including a use-after-free vulnerability and a handful of memory safety issues. There are actually several separate use-after-free...

CVE-2014-1556

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library...

Debian DSA-2939-1 : chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. - CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. - CVE-2014-1745...

Debian Security Advisory DSA 2939-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. CVE-2014-1745 Atte...

DSA-2939-1 chromium-browser - security update

Bulletin has no description...

MGASA-2014-0213 Updated chromium-browser-stable packages fix multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: A type confusion issue was discovered in the v8 javascript library CVE-2014-1730. John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation CVE-2014-1731. Khalil Zhani discovered a...