Memory corruption

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

CVE-2016-1966

CVE-2016-1966 affects Mozilla Firefox and Firefox ESR. The issue is a dangling pointer dereference in NPAPI handling (nsNPObjWrapper::GetNewOrUsed) in dom/plugins/base/nsJSNPRuntime.cpp, allowing a crafted NPAPI plugin to cause a remote crash or arbitrary code execution. Exploitation in the wild ...

FreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)

Mozilla Foundation reports : MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...

CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...

Fedora 22 : webkitgtk4-2.8.4-2.fc22 (2015-11395)

WebKitGTK+ 2.8.4 includes fixes for 12 security issues. Additional fixes : - Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18. - Improve detection and usage of GL/GLES/EGL libraries. - Fix a crash on memory allocation using bmalloc on 32bit...

Java Deployment Toolkit Performs Insufficient Validation of Parameters

No description provided by source. Java Deployment Toolkit Performs Insufficient Validation of Parameters ------------------------------------------------------------------------- Java Web Start henceforth, jws provides java developers with a way to let users launch and install their applications...

PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box

For the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit Wednesday during the Pwnium contest run by Google at the Ha...

CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the 1 dev.log, 2 lipc.set, 3 lipc.get, or 4 todo.scheduleItems method, a different...

Design/Logic Flaw

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the 1 dev.log, 2 lipc.set, 3 lipc.get, or 4 todo.scheduleItems method, a different...

CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the 1 dev.log, 2 lipc.set, 3 lipc.get, or 4 todo.scheduleItems method, a different...

Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability

Overview Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page. Description It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so symlinked to /usrl/lib/browser/plugins/libkindleplugin.so tha...

CVE-2010-1423

Argument injection vulnerability in the URI handler in a Java NPAPI plugin and b Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the 1 -J or 2 -XXaltjvm argument to javaws.exe...

Java Deployment Toolkit insufficient argument validation

Overview The Sun Java Deployment Toolkit plugin and ActiveX control perform insufficient argument validation, allowing an attacker to perform several attacks, including the execution of an arbitrary JAR file. Description The Sun Java Deployment Toolkit contains an NPAPI Netscape compatible plugin...

Java Deployment Toolkit Performs Insufficient Validation

Java Deployment Toolkit Performs Insufficient Validation of Parameters ------------------------------------------------------------------------- Java Web Start henceforth, jws provides java developers with a way to let users launch and install their applications using a URL to a Java Networking...

Java Deployment Toolkit Performs Insufficient Validation of Parameters

Exploit for windows platform in category remote exploits ====================================================================== Java Deployment Toolkit Performs Insufficient Validation of Parameters ====================================================================== Java Deployment Toolkit...