FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)

Mozilla Foundation reports : CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overfl...

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery CSRF attacks. This vulnerability affects Thunderbird 60,...

Security vulnerabilities fixed in Firefox ESR 52.9 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

KLA11271 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and obtain sensitive information. Below is a complete list of...

Security vulnerabilities fixed in Firefox 61 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

CVE-2016-9072

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox 50...

CVE-2016-9072

CVE-2016-9072 - Firefox 64-bit NPAPI sandbox not enabled by default Affecting: Mozilla Firefox on 64-bit Windows (Firefox versions older than 50). Root cause: when a new profile is created on 64-bit Windows, the sandbox for 64-bit NPAPI plugins is not enabled by default, leaving the plugin sandbo...

KLA11261 Multiple vulnerabilities in Adobe Flash player

Multiple serious vulnerabilities have been found in Adobe Flash player. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Type Confusion vulnerability in Adobe Flash player can be exploited...

KLA11223 Multiple vulnerabilities in Adobe Flash Player

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information. 1. Use-After-Free vulnerability can be exploited remotely to execute arbitrary code; 2. Out-of-bounds reading...

NetScaler Gateway 11.0 VPN Client and EPA Plug-in Does Not Work With Chrome Version 42 and Later

The Client and EPA Plug-ins don't work with the latest Chrome versions as support for NPAPI is disabled by default. The support will be deprecated entirely in Chrome version 45 in September 2015. From Chrome version 42, all NPAPI plugins will appear as if they are not installed. This will affect...

D-Link DIR-850L REV.A and REV.B Man-in-the-Middle Attack Vulnerability

The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. The security vulnerability in the D-Link NPAPI extension used in D-Link DIR-850L REV.A devices with firmware FW114WWb07h2abbeta1 and earlier and REV.B devices with firmware FW208WWb02 and earlier stems from the...

D-Link DIR-850L Information Disclosure Vulnerability

The D-Link DIR-850L is a wireless router from AUO D-Link. A security vulnerability exists in the NPAPI extension in the D-Link DIR-850L using FW114WWb07h2abbeta1 and earlier versions, which stems from the program failing to properly validate certificates. A remote attacker could exploit the...

Design/Logic Flaw

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also...

CVE-2017-14420

The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...

CVE-2017-14418

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B with firmware through FW208WWb02 devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services...

Design/Logic Flaw

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B with firmware through FW208WWb02 devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services...