CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0190)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerabilit...

Security fix for the ALT Linux 10 package thunderbird version 68.1.2-alt1

Oct. 13, 2019 Andrey Cherepanov 68.1.2-alt1 - New version 68.1.2. - Fixed: + CVE-2019-11739 Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea...

CVE-2019-8069

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

USN-4122-2: Firefox regression

USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered i...

WebKit FrameLoader::clear Same-Origin Policy Bypass

WebKit: Same-Origin Policy bypass in FrameLoader::clear VULNERABILITY DETAILS void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; // 1 mneedsClear = false; if...

openSUSE Security Update : MozillaFirefox (openSUSE-2019-2251)

This update for MozillaFirefox to 68.1 fixes the following issues : Security issues fixed : - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. bsc1140868 - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. bsc1149294 - CVE-2019-11710: Fixed several memo...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2248)

This update for MozillaThunderbird to version 68.1.1 fixes the following issues : - CVE-2019-11709: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11710: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2249)

This update for MozillaThunderbird to version 68.1.1 fixes the following issues : - CVE-2019-11709: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11710: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:2251-1 Rating: important References: 1109465 1117473 1123482 1124525 1133810 1138688 1140868 1141322 1145665 1149292 1149293 1149294 1149295 1149296 1149297 1149298 1149299 1149302 1149303 1149304 11493...

OPENSUSE-SU-2019:2248-1 Security update for MozillaThunderbird

This update for MozillaThunderbird to version 68.1.1 fixes the following issues: - CVE-2019-11709: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11710: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...

Amazon Linux 2 : thunderbird (ALAS-2019-1304)

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation cou...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2248-1 Rating: important References: 1140868 1141322 1149296 1149297 1149298 1149299 1149303 1149304 1150939 1152375 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:2249-1 Rating: important References: 1140868 1141322 1149296 1149297 1149298 1149299 1149303 1149304 1150939 1152375 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712...

Important: thunderbird

Issue Overview: Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin poli...

Adobe Flash Player Information Disclosure Vulnerability (CNVD-2019-39594)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. An attacker could exploit this vulnerability to bypass the...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...