IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability

IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...

Red Hat OpenShift Origin API Server Denial of Service Vulnerability

Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...

openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)

update to Firefox 40.0 bnc940806 - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New...

CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:1390-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: Redefinition of non-configurable JavaScript object properties (MFSA 2015-82)

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

USN-2702-1 firefox vulnerabilities

Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via...

F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability

F5 BIG-IP is the application switch. The F5 BIG-IP Application Security Manager ASM JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...

SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10064)

Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. - Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corrupti...

Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

UBUNTU-CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

UBUNTU-CVE-2013-6401

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted JSON document...

Mozilla Thunderbird code execution

It's possible to execute javascript via object tag...

rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service application crash or hang via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...

Ruby on Rails Patches DoS, Remote Execution Flaws

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...

CVE-2012-3989

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service assertion...

SeaMonkey < 2.3.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.3.0. Such versions are potentially affected by the following security issues : - An error in SVG text manipulation code creates a dangling pointer vulnerability. CVE-2011-0084 - Multiple, unspecified memory safety issues exist. CVE-2011-2985 - ...