[ASA-202012-10] libproxy: denial of service

Arch Linux Security Advisory ASA-202012-10 ========================================== Severity: Low Date : 2020-12-05 CVE-ID : CVE-2020-25219 Package : libproxy Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1226 Summary ======= The package libproxy before version...

PAC privilege escalation using Function.prototype.call — Mozilla

mozbugra4 reports that a malicious Proxy AutoConfig PAC server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a...