SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2195-1)

Mozilla Firefox was updated to 45.3.0 ESR to fix the following issues bsc991809 : - MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards rv:48.0 / rv:45.3 - MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed - MFSA 2016-64/CVE-2016-2838...

Mail.ru: Same origin policy bypass on e.mail.ru via Cross-Site Flashing

Hello Mail.Ru Security Team, There is a Cross-Site Flashing vulnerability in e.mail.ru. this vulnerability is similar to XSS except it is Flash script execution. Ref : https://www.owasp.org/index.php/TestingforCrosssiteflashingOTG-CLIENT-008 This allow an attacker to execute requests to the...

webkit2gtk: multiple issues

CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...

chromium: multiple issues

CVE-2016-5139 arbitrary code execution Multiple integer overflows in the opjtcdinittile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have other unspecified impact via crafted JPEG 2000 data. -...

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-960)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included : - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

Updated chromium-browser-stable packages fix security vulnerability

Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium CVE-2016-5139 and CVE-2016-5140; an address bar spoofing problem CVE-2016-5141; a use-after-free bug CVE-2016-5142 and a same origin bypass problem CVE-2016-5145 in blink; two parameter sanitization...

chromium-browser: Same origin bypass for images in Blink

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

Security update for Chromium (important)

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...

Security update for Chromium (important)

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...

Google Chrome < 52.0.2743.116 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 52.0.2743.116. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop advisory. - Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116...

openSUSE Security Update : Chromium (openSUSE-2016-950)

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...

Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3041-1 advisory. Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could...

Google Chrome < 52.0.2743.116 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 52.0.2743.116. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop advisory. - Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 all...

Mozilla Firefox ESR Security Advisories (MFSA2016-62, MFSA2016-84) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox Security Advisories (MFSA2016-62, MFSA2016-84) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

OrientDB Server < 2.0.15, 2.1.x < 2.1.1 Clickjacking Vulnerability

OrientDB server is prone to a clickjacking vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:orientdb:orientdb";...

Mozilla Firefox ESR Security Advisories (MFSA2016-62, MFSA2016-84) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...