6903 matches found
chromium-browser: same-origin bypass in pdfium
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...
Google Chrome SVG Same-Origin Bypass Vulnerability
Google Chrome is a web browser developed by the American company Google. A same-origin bypass vulnerability exists in Google Chrome SVG. An attacker can exploit this vulnerability to bypass the same-origin policy...
Google Chrome PDFium Same-Origin Bypass Vulnerability
Google Chrome is a web browser developed by the American company Google. PDFium is an open source PDF rendering engine. A security vulnerability exists in PDFium in versions of Google Chrome prior to 55.0.2883.75. An attacker can exploit the vulnerability to bypass the same-origi...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird fixes some potential security issues and bugs. The following security flaws cannot be exploited through email because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts: - CVE-2016-9079: SVG Animation Remote Co...
CVE-2016-5224
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...
UBUNTU-CVE-2016-5224
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...
Updated thunderbird packages fix security vulnerabilities
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash (CVE-2016-5296). The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This...
[ASA-201612-3] chromium: multiple issues
Arch Linux Security Advisory ASA-201612-3; Severity: Critical; Date: 2016-12-03; CVE-ID: CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214...
Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities
Mozilla Firefox < 50.0 Multiple Vulnerabilities
Debian DLA-730-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. A man-in-the-middle attack in the addon update mechanism ha...
[SECURITY] [DLA 730-1] firefox-esr security update
Package: firefox-esr; Version: 45.5.1esr-1deb7u1; CVE ID: CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066. Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation erro...
USN-3141-1: Thunderbird vulnerabilities
Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of...
USN-3141-1 thunderbird vulnerabilities
Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of...
[ASA-201612-1] firefox: multiple issues
Arch Linux Security Advisory ASA-201612-1; Severity: Critical; Date: 2016-12-01; CVE-ID: CVE-2016-9078 CVE-2016-9079; Package: firefox; Type: multiple issues; Remote: Yes; Link: https://wiki.archlinux.org/index.php/CVE; Summary: The package firefox...
Ubuntu 14.04 LTS / 16.04 LTS : Thunderbird vulnerabilities (USN-3141-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3141-1 advisory. Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety...
Ubuntu: Security Advisory (USN-3140-1)
The remote host is missing an update for the...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 55 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 55.0.2883.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Mozilla Firefox 49.x < 50.0.1 HTTP Redirect Handling Same-origin Policy Bypass
The version of Mozilla Firefox installed on the remote Windows host is 49.x prior to 50.0.1. It is, therefore, affected by a same-origin policy bypass vulnerability in the GetChannelResultPrincipal function in nsScriptSecurityManager.cpp due to improper handling of HTTP redirects to 'data:' URLs...