6897 matches found
Security fix for the ALT Linux 10 package firefox-esr version 60.4.0-alt1
Dec. 11, 2018 Andrey Cherepanov 60.4.0-alt1
- New ESR version 60.4.0
- Fixed:
  + CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
  + CVE-2018-18492 Use-after-free with select element
  + CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
  +...
UBUNTU-CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module; CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11; CVE-2018-18492: Use-after-free with select element; CVE-2018-18493: Buffer overflow in...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Debian: Security Advisory (DSA-4354-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Security vulnerabilities fixed in Firefox ESR 60.4 — Mozilla
A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select...
Security vulnerabilities fixed in Firefox 64 — Mozilla
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the...
chromium-browser: Inappropriate implementation in Media
Service workers could inappropriately gain access to cross-origin audio in Media in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to bypass the same-origin policy for audio content via a crafted HTML page...
CVE-2018-18362
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by...
Google Chrome Media Information Disclosure Vulnerability
Google Chrome is a web browser developed by Google, Inc. Media is one of its multimedia components. A security vulnerability exists in Media in versions of Google Chrome prior to 71.0.3578.80. A remote attacker can exploit this vulnerability to bypass the same-origin policy used for audio content...
CVE-2018-18352
Service workers could inappropriately gain access to cross-origin audio in Media in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to bypass the same-origin policy for audio content via a crafted HTML page...
DVWA Pro-test CSRF vulnerability-vulnerability warning-the black bar safety net
CSRF is cross-site request forgery: after a user logs in to site A, site B, opened in the same client, uses the vulnerability to get site A's cookie and other authentication information and forges requests to site A under the user's legitimate identity. This article, in a local environment, carries out the...
Same Origin Policy Bypass
Plupload is vulnerable to same origin policy bypass. Overly permissive Flash allows scripts from any domain to be run, allowing remote attackers to bypass the same origin policy via crafted swf content...
Code Injection
valine is vulnerable to code injection. The vulnerability is possible because the EMBED tags are not validated to enforce same-origin policy, allowing the attacker to inject HTML combined with a .pdf file...
RHEL 7 : thunderbird (RHSA-2018:3458)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3458 advisory. - Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) - Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2...
Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
RHEL 6 : thunderbird (RHSA-2018:3403)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3403 advisory. - Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) - Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2...
DEBIAN-CVE-2018-12364
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...
Cross site request forgery (csrf)
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...