6681 matches found

Atlassian, added 2013/08/07 9:10 a.m., 21 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro, edit macro in lightbox and press preview; alter the POST request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, */*; q=0.01 Origin: https://test.foo.com...

AI score: 0.4; Exploits: 0; Affected Software: 1
Jake Archibald's Blog, added 2013/08/05 2:44 p.m., 9 views

Solving rendering performance puzzles

The Chrome team are often asked to show the process of debugging a performance issue, including how to select tools and interpret results. Well, I was recently hit by an issue that required a bit of digging, here'...

AI score: 6.8; Exploits: 0
Tenable Nessus, added 2013/07/25 12:00 a.m., 24 views

SuSE 11.3 Security Update : lcms2 (SAT Patch Number 8091)

lcms2 has been updated to the version 2.5 which is a maintenance release to fix various security and other bugs. - User defined parametric curves can now be saved in ICC profiles. - RGB profiles using same tone curves for several channels are storing now only one copy of the curve - update black...

AI score: 5.4; Exploits: 0; References: 1
RedHat Linux, added 2013/07/15 8:29 p.m., 4 views

OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

CVSS: 10; AI score: 6.8; EPSS: 0.22988; Exploits: 0; References: 5
Tenable Nessus, added 2013/07/12 12:00 a.m., 37 views

Oracle Linux 6 : kernel (ELSA-2012-0743)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0743 advisory. - security fix compile error in commoncap.c Eric Paris 806725 806726 CVE-2012-2123 - security fcaps: clear the same personality flags as suid when fcap...

CVSS: 7.8; AI score: 7.3; EPSS: 0.00713; Exploits: 5; References: 10
Tenable Nessus, added 2013/07/12 12:00 a.m., 32 views

Oracle Linux 5 / 6 : freetype (ELSA-2013-0216)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0216 advisory. - Fix CVE-2012-5669 Use correct array size for checking 'glyphenc' - Add freetype-2.3.11-CVE-2011-3439.patch Various loading fixes. - Add...

CVSS: 9.3; AI score: 5.8; EPSS: 0.06646; Exploits: 1; References: 2
Tenable Nessus, added 2013/07/12 12:00 a.m., 30 views

Oracle Linux 5 : Important: / poppler (ELSA-2007-1026)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-1026 advisory. 2.3.27-8.1 Fixes for: - 345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit - 345111 - CVE-2007-5392 xpdf buffer overfl...

CVSS: 9.3; AI score: 7.2; EPSS: 0.0702; Exploits: 1; References: 4
Tenable Nessus, added 2013/07/12 12:00 a.m., 54 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2015 advisory. - sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set CVE-2011-1573 - dccp: fix oops on Reset after close CVE-2011-1093 - bridge:...

CVSS: 7.8; AI score: 7.2; EPSS: 0.03411; Exploits: 8; References: 15
Tenable Nessus, added 2013/07/12 12:00 a.m., 40 views

Oracle Linux 5 : poppler (ELSA-2010-0749)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0749 advisory. - Add poppler-0.5.4-CVE-2010-3702.patch Properly initialize parser - Add poppler-0.5.4-CVE-2010-3704.patch Fix crash in broken pdf code 0 Tenable has...

CVSS: 7.5; AI score: 6.6; EPSS: 0.03597; Exploits: 0; References: 3
Cvelist, added 2013/07/10 10:00 a.m., 26 views

CVE-2013-2875

core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

AI score: 6; EPSS: 0.01694; Exploits: 0; References: 10
OpenVAS, added 2013/07/10 12:00 a.m., 25 views

Debian Security Advisory DSA 2719-1 (poppler - several vulnerabilities)

Multiple vulnerabilities were discovered in the poppler PDF rendering library. CVE-2013-1788 Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document. CVE-2013-1790 An uninitialized memory issue,...

CVSS: 6.8; AI score: 0.4; EPSS: 0.03866; Exploits: 2; References: 1
OSV, added 2013/07/10 12:00 a.m., 22 views

DSA-2719-1 poppler - multiple issues

Bulletin has no description...

CVSS: 6.8; AI score: 7.4; EPSS: 0.03866; Exploits: 2
CVE, added 2013/06/26 1:00 a.m., 111 views

CVE-2013-1688

CVE-2013-1688 affects Mozilla Firefox's Profiler UI rendering where untrusted data is parsed, enabling user-assisted remote attackers to execute arbitrary JavaScript via a crafted site. The issue is fixed by updating to Firefox 22.0+ (as reflected in MFSA 2013-52 and downstream advisories). OpenS...

CVSS: 9.3; AI score: 6.4; EPSS: 0.0256; Exploits: 1; References: 6; Affected Software: 1
UbuntuCve, added 2013/06/25 12:00 a.m., 30 views

CVE-2013-1688

The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site...

CVSS: 9.3; AI score: 7.4; EPSS: 0.0256; Exploits: 1; References: 3
Google Chrome Security Advisories, added 2013/06/18 12:00 a.m., 24 views

Stable Channel Update

The Stable channel has been updated to 27.0.1453.116 for Windows, Macintosh and Chrome Frame platforms. Security fixes and rewards: Please see the Chromium security page for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the...

CVSS: 4.3; AI score: 6.3; EPSS: 0.01435; Exploits: 1; Affected Software: 1
Tenable Nessus, added 2013/05/29 12:00 a.m., 38 views

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8578)

Mozilla Firefox has been updated to the 17.0.6ESR security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and...

CVSS: 10; AI score: 9.1; EPSS: 0.07953; Exploits: 1; References: 30
RedHat Linux, added 2013/05/20 4:44 p.m., 1 view

Kernel: drm/i915: heap writing overflow

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer...

CVSS: 7.2; AI score: 7; EPSS: 0.00556; Exploits: 0; References: 4
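The entry above names the bug class, a count-times-size integer overflow that leaves a heap buffer too small for the data copied into it, without showing the shape of the bug or the check that prevents it. The following is an added illustration of that class, not the i915 driver's code and not a reproduction of the advisory's vulnerability: the function names, the element size and the input count are made up. It computes an allocation size from an untrusted 32-bit element count both without and with an overflow check, and measures how many entries a copy loop would write past the wrapped allocation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical element size for one table entry copied from user space.
 * Constructed for this example; it is not the driver's real layout. */
#define ELEM_SIZE 8u

/* Vulnerable pattern: count * size computed in 32 bits wraps silently,
 * so a huge count yields a tiny allocation. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * ELEM_SIZE;
}

/* Hardened pattern: reject any count whose product cannot fit in 32 bits.
 * The division-based test is portable C with no compiler builtins. */
bool alloc_size_checked(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / ELEM_SIZE)
        return false;           /* would overflow: caller must reject the request */
    *out = count * ELEM_SIZE;
    return true;
}

/* Convenience wrapper: checked size, or 0 when the count is rejected. */
uint32_t checked_size_or_zero(uint32_t count)
{
    uint32_t size = 0;
    return alloc_size_checked(count, &size) ? size : 0;
}

/* Models the vulnerable path: allocate alloc_size_unchecked() bytes, then
 * copy `count` entries. Returns how many entries land beyond the buffer
 * (0 means the copy fits). Computed in 64 bits so the true need is exact. */
uint64_t entries_past_buffer(uint32_t count)
{
    uint32_t size = alloc_size_unchecked(count);
    uint64_t needed = (uint64_t)count * ELEM_SIZE;
    return needed > size ? (needed - size) / ELEM_SIZE : 0;
}

int main(void)
{
    /* Constructed input: (2^29 + 1) * 8 = 2^32 + 8, which wraps to 8 bytes. */
    uint32_t count = 0x20000001u;
    uint32_t size = 0;

    printf("unchecked: %u entries -> %u-byte buffer\n",
           count, alloc_size_unchecked(count));
    printf("entries written past that buffer: %llu\n",
           (unsigned long long)entries_past_buffer(count));
    printf("checked:   %s\n",
           alloc_size_checked(count, &size) ? "accepted" : "rejected");
    return 0;
}
```

The check is placed before the multiplication rather than after it because, once the product has wrapped, there is nothing left to compare; comparing `count` against `UINT32_MAX / ELEM_SIZE` is the standard way to keep the test in bounds without widening the arithmetic.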
RedHat Linux, added 2013/05/14 5:49 p.m., 4 views

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

CVSS: 10; AI score: 6.5; EPSS: 0.07133; Exploits: 0; References: 5