CVE-2021-23985

If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker able to make a direct network...

Keeping your business and personal instant messages secure

Most people want to know their instant messages are securely wrapped up—whether that's for personal privacy or making sure online scammers can't grab the message content. If you're sending text on a sensitive topic, or perhaps some photo attachments intended for one person only, you definitely...

Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack

Overview Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the "DROWN" attack in the media. Description According to the researcher, "DROWN" is a new form of cross-protocol Bleichenbacher padding oracle...

Microsoft VBScript And JScript Scripting Engines Integer Overflow Code Execution Vulnerability

Description Microsoft VBScript and JScript scripting engines are prone to a remote code-execution vulnerability due to an integer-overflow error. Attackers can leverage this issue by enticing unsuspecting users to view a malicious webpage. Successful exploits would allow arbitrary code to run wit...