MGASA-2019-0267 Updated firefox packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. CVE-2019-11740 Same-origin policy violation with SVG filters and canvas to steal cross-origin images...
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...
CVE-2019-8069
The CVE-2019-8069 issue affects Adobe Flash Player 32.0.0.238 and earlier; it is a Same Origin Method Execution vulnerability that could lead to arbitrary code execution in the current user context. Multiple connected sources confirm the vulnerability and indicate that update/patches exist: Adobe...
Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Same-origin Policy Violation
Mozilla Firefox is vulnerable to a same-origin policy violation. The vulnerability exists due to an error in how same-origin policy is applied, which allows an attacker to steal data...
NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)
The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...
Adobe Flash Player Same Origin Method Execution Vulnerability
Adobe Flash Player is a widely used, proprietary multimedia program player originally written by Macromedia and continued to be developed and distributed by Adobe after Macromedia was acquired by Adobe. A same-origin method execution vulnerability exists in Adobe Flash Player. An attacker could...
NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)
The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a...
Security vulnerabilities fixed in Thunderbird 68.1 — Mozilla
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. Some...
FreeBSD : Flash Player -- multiple vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a)
Adobe reports: - This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution CVE-2019-8069. - This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-8070.
RHEL 6 : firefox (RHSA-2019:2694)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2694 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
KLA11547 Multiple ACE vulnerabilities in Adobe Flash Player
Multiple vulnerabilities were found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A use-after-free vulnerability can be exploited remotely to execute arbitrary code; 2. A same origin method...
Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the behavior of...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution CVE-2019-8069. This update resolves a use-after-free vulnerability that could lead to arbitrary code execution CVE-2019-8070...
Debian DLA-1910-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service. For Debian 8 'Jessie', these problem...
Debian DSA-4516-1 : firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.
[SECURITY] [DSA 4516-1] firefox-esr security update
Debian Security Advisory DSA-4516-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 05, 2019 https://www.debian.org/security/faq...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2019-30437)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox prior to version 69, which can be exploited by attackers to bypass the same-origin policy and obtain sensitive information...