Lucene search

537 matches found

Tenable Nessus
added 2016/02/03 12:0 a.m. | 45 views

openSUSE Security Update : the MozillaFirefox / mozilla-nss and mozilla-nspr (openSUSE-2016-128)

This update to MozillaFirefox fixes several security issues and bugs. Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21. Mozilla NSPR was updated to 4.11. The following vulnerabilities were fixed: - CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards boo963633 -...

CVSS: 10 | AI score: 7.3 | EPSS: 0.03529
Exploits: 0 | References: 23

Tenable Nessus
added 2016/02/03 12:0 a.m. | 56 views

openSUSE Security Update : Mozilla Firefox (openSUSE-2016-131)

This update fixes the following security related issues by updating packages to a more recent version:
- Update of NSPR to 4.11
- Update of NSS to 3.21
- Update of Firefox to 44.0
- MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety hazards
- MFSA 2016-02/CVE-2016-1933 bmo1231761 Out...

CVSS: 10 | AI score: 7.2 | EPSS: 0.03529
Exploits: 0 | References: 14

CNVD
added 2016/02/02 12:0 a.m. | 1 view

Unspecified vulnerability in Mozilla Firefox protocol-handler dialog box

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the protocol-handler dialog box in Mozilla Firefox versions prior to 44.0. The vulnerability can be exploited by remote attackers to conduct clickjacking...

CVSS: 6.1 | AI score: 8.8 | EPSS: 0.00353
Exploits: 0 | References: 1

OSV
added 2016/01/31 6:59 p.m. | 2 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS: 6.1 | AI score: 7.2
Exploits: 0 | References: 9

NVD
added 2016/01/31 6:59 p.m. | 16 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS: 6.1 | AI score: 7.4 | EPSS: 0.00353
Exploits: 0 | References: 9

Prion
added 2016/01/31 6:59 p.m. | 12 views

Design/Logic Flaw

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00353
Exploits: 0 | References: 9 | Affected Software: 3

Cvelist
added 2016/01/31 6:0 p.m. | 23 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

AI score: 7.3 | EPSS: 0.00353
Exploits: 0 | References: 9

CVE
added 2016/01/31 6:0 p.m. | 121 views

CVE-2016-1937

The CVE-2016-1937 issue concerns Firefox’s protocol-handler dialog, where a crafted page could trigger a single-click action intended as a double-click. OpenSUSE advisories document the fix as part of Mozilla Firefox updates to version 44.0 (on GA media), with NSS updated to 3.21 and NSPR to 4.11...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.00353
Exploits: 0 | References: 9 | Affected Software: 1

UbuntuCve
added 2016/01/26 12:0 a.m. | 20 views

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00353
Exploits: 0 | References: 3

OSV
added 2016/01/26 12:0 a.m. | 0 views

UBUNTU-CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00353
Exploits: 0 | References: 4

Mozilla
added 2016/01/26 12:0 a.m. | 37 views

Missing delay following user click events in protocol handler dialog — Mozilla

Security researcher window reported an issue where, when the protocol handler dialog appears, double-click events are treated as two single-click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause a second dialog to be sent the secon...

CVSS: 6.1 | AI score: 7.5 | EPSS: 0.00353
Exploits: 0 | References: 2 | Affected Software: 1

Hacker One
added 2015/07/29 5:47 a.m. | 22 views

Slack: OSX slack:// protocol handler javascript injection

The Mac Slack app version 1.1 introduced the slack:// protocol handler. Due to improper input sanitization, arbitrary Javascript code can be run in the context of the client app if the user clicks on a slack:// link on a website or email. I have confirmed this issue still exists in the 1.1.1...

AI score: 7.2
Exploits: 0

Zero Day Initiative
added 2015/06/24 12:0 a.m. | 14 views

(Pwn2Own) Apple OS X XSS Sandbox Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within certain URLs in the...

CVSS: 7.5 | AI score: 7
Exploits: 0 | References: 1

FreeBSD
added 2014/12/04 12:0 a.m. | 21 views

libzmq4 -- V3 protocol handler vulnerable to downgrade attacks

Pieter Hintjens reports: It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00614
Exploits: 0 | References: 2

Exploit DB
added 2014/11/18 12:0 a.m. | 32 views

Samsung Galaxy KNOX Android Browser - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'digest/md5' class Metasploit3 0|1 if an HTTP request has been made to download a payload of that ID attrreader :servedpayloads def...

AI score: 7.4
Exploits: 0

Packet Storm
added 2014/11/18 12:0 a.m. | 22 views

Samsung Galaxy KNOX Android Browser Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'digest/md5' class Metasploit3 0|1 if an HTTP request has been made to download a payload of that ID attrreader :servedpayloads def...

AI score: 0.5
Exploits: 0

Metasploit
added 2014/11/12 3:53 p.m. | 20 views

Samsung Galaxy KNOX Android Browser RCE

A vulnerability exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4,...

AI score: 0.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Adobe Flash Player 8.0.34.0/9.0.x main.swf baseurl Parameter asfunction: Protocol Handler XSS

No description provided by source. source: http://www.securityfocus.com/bid/26949/info Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code i...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Microsoft Internet Explorer 6.0 mms Protocol Handler Executable Command Line Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler...

AI score: 7.1
Exploits: 0