Google Chrome < 49.0.2623.87 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 49.0.2623.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 2016_03_stable-channel-update_8 advisory. - Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in...
USN-2904-1 thunderbird vulnerabilities
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. CVE-2015-7575 Yves Younan discovered that...
CVE-2016-2797
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart...
Local file overwriting and potential privilege escalation through CSP reports — Mozilla
Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive,...
Fedora 22 : webkitgtk4-2.10.7-1.fc22 (2016-143a48536c)
This update together with previous releases addresses the following vulnerabilities: - CVE-2015-7096 - CVE-2015-7098 Additional fixes: - Disable DNS prefetch when a proxy is configured. - Reduce the maximum simultaneous network connections to match other browsers. - Make WebKitWebView always...
Fedora 23 : webkitgtk4-2.10.4-1.fc23 (2015-182d308d5a)
WebKitGTK+ 2.10.4 includes fixes for 2 security issues. Additional fixes: Fixed dashed and dotted border painting. Properly cancel navigation policy checks. Several crashes fixed when running editor commands. Fix several crashes due to assertions in Debug builds. Note that Tenable Network Securit...
Fedora 23 : webkitgtk4-2.10.7-1.fc23 (2016-ec05afb364)
This update together with previous releases addresses the following vulnerabilities: - CVE-2015-7096 - CVE-2015-7098 Additional fixes: - Disable DNS prefetch when a proxy is configured. - Reduce the maximum simultaneous network connections to match other browsers. - Make WebKitWebView always...
Microsoft Internet Explorer Cmarkup Memory Misreference Vulnerability
Microsoft Internet Explorer (IE) is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A memory misreference vulnerability exists in Microsoft Internet Explorer Cmarkup, due to a failure to properly handle CMarkup in...
[SECURITY] Fedora 23 Update: graphite2-1.3.6-1.fc23
Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create “smart fonts” capable of displaying writing systems with variou...
Google Chrome < 48.0.2564.116 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 48.0.2564.116. It is, therefore, affected by a vulnerability as referenced in the 2016_02_stable-channel-update_18 advisory. - Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy...
Debian DSA-3479-1 : graphite2 - security update
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
USN-2902-1: graphite2 vulnerabilities
Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute...
Control CSS loading with custom properties
Last week I wrote about a simple method to load CSS progressively, and on the very same day some scientists taught gravity how to wave. Coincidence? Yes. The pattern in the previous post covers the 90% case of multi-stage CSS loading, and it's really simple to understand. But would you like to he...
[SECURITY] [DSA 3479-1] graphite2 security update
Debian Security Advisory DSA-3479-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 15, 2016 https://www.debian.org/security/faq -...
DSA-3479-1 graphite2 - security update
Bulletin has no description...
The future of loading CSS
Chrome is intending to change the behaviour of , which will be noticeable when it appears within . The impact and benefits of this aren't clear from the blink-dev post, so I wanted to go into detail here. Update: This is now in Chrome Canary. The current state of loading CSS …content… CSS blocks...
[SECURITY] Fedora 22 Update: imlib2-1.4.7-1.fc22
Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...
[SECURITY] Fedora 22 Update: webkitgtk4-2.10.7-1.fc22
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 22 Update: webkitgtk4-2.10.4-1.fc22
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3...
[SECURITY] Fedora 23 Update: imlib2-1.4.7-1.fc23
Imlib 2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing...