6898 matches found
KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, perform XSS attacks and bypass security restrictions. Below is a complete list ...
Security vulnerabilities fixed in Firefox ESR 52.8 — Mozilla
Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. A use-after-free vulnerability can occur while enumerating attributes during SVG...
Security vulnerabilities fixed in Firefox 60 — Mozilla
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...
PT-2018-17921 · Node.Js +3
Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x and later Description: The issue allows for a DNS rebinding attack, potentially leading to remote code execution. This can be exploited by malicious websites open in a web browser on the same computer or another computer...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
KB4103716: Windows 10 May 2018 Security Update
The remote Windows host is missing security update 4103716. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...
██████: Same Origin Policy Bypass at ██████.com
██████.com: helps different sectors of business to create passes very easily through their app. ██████.org: helps their customers focus on using video to move their business in meaningful ways...
[SECURITY] [DSA 4182-1] chromium-browser security update
Debian Security Advisory DSA-4182-1 https://www.debian.org/security/ Michael Gilbert April 28, 2018 https://www.debian.org/security/faq -...
FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)
Google Chrome Releases reports: 62 security fixes in this release: - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...
RHEL 6 : chromium-browser (RHSA-2018:1195)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1195 advisory. Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 66.0.3359.117. Security Fixes:...
chromium-browser: Same origin bypass in Service Worker
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Multiple Apple products WebKit homology policy bypass vulnerability (CNVD-2018-09811)
Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web...
Google Chrome canvas same-origin restriction bypass vulnerability
Google Chrome is a web browser developed by Google, Inc. canvas is one of the graphics components. A security vulnerability exists in canvas in versions of Google Chrome prior to 65.0.3325.146. A remote attacker can exploit this vulnerability to bypass the same-origin restriction by tricking user...
Roundcube Webmail 1.2.0 - 1.3.5 MX Injection Vulnerability
Roundcube Webmail is prone to an injection vulnerability.
Ubuntu 14.04 LTS / 16.04 LTS : Firefox regression (USN-3596-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3596-2 advisory. USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in...
Design/Logic Flaw
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...
CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...
UBUNTU-CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...
USN-3596-2: Firefox regression
USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in...