Ubuntu 14.04 LTS / 16.04 LTS : Firefox regression (USN-3477-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3477-2 advisory. USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search...

USN-3477-2: Firefox regression

USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in...

USN-3477-2 firefox regression

USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in...

Security vulnerabilities fixed in Thunderbird 52.5 — Mozilla

A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. The Resource Timing API incorrectly revealed navigations in cross-origin iframes. Th...

Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Mozilla: Cross-origin URL information leak through Resource Timing API (MFSA 2017-25)

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3477-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3477-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

Debian DSA-4035-1 : firefox-esr - security update

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy. %NASLMINLEVEL 70300 C Tenable Network...

[ASA-201711-23] firefox: multiple issues

Arch Linux Security Advisory ASA-201711-23 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-78...

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

UBUNTU-CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

Security vulnerabilities fixed in Firefox ESR 52.5 — Mozilla

A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. The Resource Timing API incorrectly revealed navigations in cross-origin iframes. Th...

CVE-2017-13819

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML...

CVE-2017-13819

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML...

Cross site scripting

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML...

openSUSE Security Update : webkit2gtk3 (openSUSE-2017-1268)

This update for webkit2gtk3 to version 2.18.0 fixes the following issues : These security issues were fixed : - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted website...

Security update for webkit2gtk3 (important)

This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed: - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site...

Khan Academy: Frameset(Frame) html tag is allowed in html editor.(can lead to clickjacking)

Hello Sir/Mam , I was using the html editor in computer programming section , which allowed me to design a webpage. When i use the iframe tag , object tag and embed tag it show me the message that these tags are not allowed for security reasonsmay be cause of clickjacking attack or something but...

jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

GHSA-4WHC-PP4X-9PF3 jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...