3807 matches found
Buffer overflow
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...
Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89)
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...
CVE-2013-1732
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...
Xibo - layout HTML Injection
Xibo - layout HTML Injection source: https://www.securityfocus.com/bid/62063/info Xibo is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially...
Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063
Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...
[SECURITY] Fedora 18 Update: bluetile-0.6-13.fc18
Bluetile is a tiling window manager for Linux, designed to integrate with the GNOME desktop environment. It provides both a traditional, stacking lay out mode as well as tiling layouts where windows are arranged to use the entire screen without overlapping. Bluetile tries to make the tiling...
Solving rendering performance puzzles
You're missing demos in this post because JavaScript or inline SVG isn't available. The Chrome team are often asked to show the process of debugging a performance issue, including how to select tools and interpret results. Well, I was recently hit by an issue that required a bit of digging, here'...
Adobe PageMaker Detection
The remote host has Adobe PageMaker installed. Adobe PageMaker is page layout software that was discontinued and succeeded by Adobe InDesign. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69098; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate...
OpenJDK: Incorrect image layout verification (2D, 8012601)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image layout verification (2D, 8012601)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image layout verification (2D, 8012601)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
Oracle Linux 5 : kernel (ELSA-2013-0168)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0168 advisory. - x86 mm: randomize SHLIBBASE Petr Matousek 804953 804954 CVE-2012-1568 - net ipv6: discard overlapping fragment Jiri Pirko 874837 874838 CVE-2012-4444...
Oracle Linux 5 : kernel (ELSA-2013-1034-1)
From Red Hat Security Advisory 2013:1034 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...
Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-0751)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0751 advisory. 1.7.0.19-2.3.9.1.0.1.el64 - Update DISTRONAME in specfile 1.7.0.19-2.3.9.1.el6 - updated to updated IcedTea 2.3.9 with fix to one of security fixes -...
Kernel: sa_restorer information leak
The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...
RHEL 5 : kernel (RHSA-2013:1034)
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
OpenJDK: Incorrect image layout verification (2D, 8012601)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
CentOS 5 : kernel (CESA-2011:0833)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Microsoft Internet Explorer SmartDispClient Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
OpenJDK: Incorrect image layout verification (2D, 8012601)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...