6897 matches found

OSV
added 2018/10/18 12:44 p.m. | 9 views

SUSE-SU-2018:1334-2 Security update for MozillaFirefox

This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 bsc1092548 Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF...

CVSS 9.8 | AI score 8.6 | EPSS 0.21288
Exploits: 4 | References: 12

RedHat Linux
added 2018/10/18 10:11 a.m. | 2 views

nodejs: Inspector DNS rebinding vulnerability

It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the si...

CVSS 8.8 | AI score 6.7 | EPSS 0.09916
Exploits: 0 | References: 4

Microsoft CVE
added 2018/10/09 7:0 a.m. | 29 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

CVSS 4.3 | AI score 1.3 | EPSS 0.05498
Exploits: 0

Microsoft CVE
added 2018/10/09 7:0 a.m. | 35 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

CVSS 5.8 | AI score 1.3 | EPSS 0.03467
Exploits: 0

Tenable Nessus
added 2018/10/05 12:0 a.m. | 43 views

Mozilla Thunderbird < 60.2.1

The version of Thunderbird installed on the remote Windows host is prior to 60.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-25 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code...

CVSS 9.8 | AI score 7.5 | EPSS 0.03662
Exploits: 5 | References: 9

OpenVAS
added 2018/10/05 12:0 a.m. | 45 views

Mozilla Thunderbird Security Advisories (MFSA2018-20, MFSA2018-25) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 9.8 | AI score 8.8 | EPSS 0.03357
Exploits: 1 | References: 1

OpenVAS
added 2018/10/05 12:0 a.m. | 88 views

Mozilla Thunderbird Security Advisories (MFSA2018-20, MFSA2018-25) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 9.8 | AI score 8.7 | EPSS 0.03662
Exploits: 5 | References: 1

Mozilla
added 2018/10/04 12:0 a.m. | 517 views

Security vulnerabilities fixed in Thunderbird 60.2.1 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

CVSS 9.8 | AI score 1.1 | EPSS 0.03662
Exploits: 5 | References: 8 | Affected Software: 1

UbuntuCve
added 2018/09/25 2:29 p.m. | 19 views

CVE-2018-6051

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page...

CVSS 4.3 | AI score 6.8 | EPSS 0.01294
Exploits: 0 | References: 2

Zero Day Initiative
added 2018/09/24 12:0 a.m. | 33 views

Apple Safari Subframe Same-Origin Policy Bypass Vulnerability

This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file and execute a user gesture within the rendere...

CVSS 6.4 | AI score 0.9 | EPSS 0.01478
Exploits: 0 | References: 1

Kitploit
added 2018/09/20 9:7 p.m. | 77 views

Singularity - A DNS Rebinding Attack Framework

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

AI score 7.7
Exploits: 0 | References: 5

Tenable Nessus
added 2018/09/13 12:0 a.m. | 39 views

RHEL 6 : firefox (RHSA-2018:2693)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2693 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS 9.8 | AI score 7.6 | EPSS 0.03662
Exploits: 4 | References: 15

RedHat Linux
added 2018/09/12 11:2 a.m. | 3 views

Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVSS 6.5 | AI score 7.2 | EPSS 0.0105
Exploits: 0 | References: 5

RedHat Linux
added 2018/09/12 11:1 a.m. | 2 views

Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVSS 6.5 | AI score 7.2 | EPSS 0.0105
Exploits: 0 | References: 5

CNVD
added 2018/09/07 12:0 a.m. | 2 views

Google Chrome Security Bypass Vulnerability (CNVD-2019-03619)

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 69.0.3497.81. The vulnerability can be exploited ...

CVSS 6.5 | AI score 7.1 | EPSS 0.0078
Exploits: 0 | References: 1

myhack58
added 2018/09/06 12:0 a.m. | 510 views

The use of Microsoft Edge vulnerability to steal local files-bug warning-the black bar safety net

In 2015, Microsoft released the Edge browser. When it was originally developed, it was named Project Spartan. Unlike Internet Explorer, Edge supports a broader range of modern security measures, such as Content Security Policy (CSP), and modern JavaScript and CSS properties. Abandon Internet...

AI score 6.9
Exploits: 0

OpenVAS
added 2018/09/06 12:0 a.m. | 32 views

Mozilla Firefox Security Advisories (MFSA2018-18, MFSA2018-21) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS 9.8 | AI score 8.4 | EPSS 0.03357
Exploits: 0 | References: 1

n0where
added 2018/09/05 5:4 p.m. | 37 views

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

Exploits: 0 | References: 4

RedhatCVE
added 2018/09/05 4:24 a.m. | 26 views

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.5 | AI score 3 | EPSS 0.0078
Exploits: 0 | References: 2

Mozilla
added 2018/09/05 12:0 a.m. | 535 views

Security vulnerabilities fixed in Firefox 62 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

CVSS 9.8 | AI score 7.5 | EPSS 0.03662
Exploits: 5 | References: 10 | Affected Software: 1