178 matches found
Fedora 22 : webkitgtk4-2.8.4-2.fc22 (2015-11395)
WebKitGTK+ 2.8.4 includes fixes for 12 security issues. Additional fixes : - Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18. - Improve detection and usage of GL/GLES/EGL libraries. - Fix a crash on memory allocation using bmalloc on 32bit...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-480) (Logjam)
MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...
Unity Web Player Zero-Day Vulnerability Disclosed
Some detail has been disclosed about a zero-day vulnerability in the Unity Web Player browser plugin that can allow an attacker to use a victim’s credentials to read messages or otherwise abuse their access to online services. The partial disclosure was made after nearly six months of bug-report...
Dennis Fisher and Mike Mimoso Discuss the Windows HTTP.sys Vulnerability and More
Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google’s decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia. Download: digitalunderground195.mp3 Music by Chris Gonsalves...
Google Shuts Off NPAPI in Chrome
With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of...
Google Launches Chrome 42 with Push Notifications
Google has finally rolled out the latest version of its popular web browser, i.e. Chrome 42 for Windows, Mac, and Linux users, that now lets websites send you alerts, no matter whether your browser is open or not. The release of the latest Chrome 42 version is a great deal as it costs Google more than...
Internet Bug Bounty: HTTP MitM on Flash Player settings manager allows attacker to set sandbox settings
This vulnerability is present in both Google Chrome's PepperFlash as well as browsers with the NPAPI Flash Player versions. It works by MITM'ing the Flash Player settings manager. Although this settings manager is served over HTTPS, it is still possible to place or edit the local settings cookie by...
Java Deployment Toolkit Performs Insufficient Validation of Parameters
No description provided by source. Java Deployment Toolkit Performs Insufficient Validation of Parameters. Java Web Start (henceforth, jws) provides Java developers with a way to let users launch and install their applications...
Google to Block Many Plug-Ins Starting in 2014
Google is planning major changes in the way that Chrome handles many plug-ins. Beginning early next year, Chrome will no longer support the old Netscape Plug-In API and will block plug-ins that use it. Eventually, that will mean that some plug-ins such as Google Earth, Microsoft Silverlight and...
Debian DSA-2724-1 : chromium-browser - several vulnerabilities
Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline). - CVE-2013-2867 Chrome does not properly prevent pop-under windows. -...
Debian Security Advisory DSA 2724-1 (chromium-browser - several vulnerabilities)
Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline). CVE-2013-2867 Chrome does not properly prevent pop-under windows...
DSA-2724-1 chromium-browser - several
Bulletin has no description...
Google Chrome Multiple Vulnerabilities-01 (Jul 2013) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-2868
common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...
Code injection
common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...
Google Chrome < 28.0.1500.71 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.71 and is, therefore, affected by multiple vulnerabilities : - A vulnerability exists that exposes HTTP in SSL to a man-in-the-middle attack. CVE-2013-2853 - Block pop-unders in various scenarios...
DoS vulnerability in Flash player (access violation)
Hello 3APA3A! I want to warn you about a Denial of Service vulnerability in the Flash player plugin for browsers. I found this vulnerability in June 11.06.2011. That time I wrote about this built-in DoS in the new version of Flash player as a "surprise" from Adobe for owners of old browser, because i...