Ubuntu: Security Advisory (USN-3896-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3896-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code...

USN-3896-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:0249-1 Rating: important References: 1122983 1125330 Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494...

MyBB 1.6.x ChangUonDyU Chatbox 3.6.0 Cross Site Scripting

Exploit Title : MyBB 1.6.x ChangUonDyU Chatbox Plugins 3.6.0 Cross Site Scripting Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : mybb.com Software Download Link : destek.mybb.com.tr/attachment.php?aid=742 Software Information Links ...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

DEBIAN-CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

Input validation

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

UBUNTU-CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

CVE-2019-5773 : Insufficient origin validation in IndexedDB in Google Chrome before 72.0.3626.81 allows a remote attacker who compromised the renderer process to bypass the same-origin policy via a crafted HTML page. Affected product/version: Google Chrome (IndexedDB). Root cause: origin validati...

Sails before 0.12.7 vulnerable to Broken CORS

Affected versions of sails have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This may allow an attacker to make AJAX requests to vulnerable hosts through cross-site scripting or a malicious HTML...

GHSA-QMV4-JGP7-MF68 Sails before 0.12.7 vulnerable to Broken CORS

Affected versions of sails have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This may allow an attacker to make AJAX requests to vulnerable hosts through cross-site scripting or a malicious HTML...

Mozilla Firefox < 65.0.1

The version of Firefox installed on the remote Windows host is prior to 65.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-04 advisory. - A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitab...

Mozilla Firefox < 64.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:0182-1 Rating: important References: 1122983 Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501...

[ASA-201902-16] firefox: multiple issues

Arch Linux Security Advisory ASA-201902-16 ========================================== Severity: High Date : 2019-02-13 CVE-ID : CVE-2018-18356 CVE-2018-18511 CVE-2019-5785 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-896 Summary ======= The packa...

chromium-browser: Insufficient data validation in IndexedDB

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...