CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

Android System Google Admin app exposed 0day vulnerabilities, can bypass the sandbox-vulnerability warning-the black bar safety net

MWR Labs researchers discovered a 0day vulnerability exists in the Android system of the Google Admin app to handle some URL in the way that, by the vulnerability the attacker can bypass the Android sandbox mechanism. The vulnerability principle For the Google Android security team, this month is...

Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy

/ Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var sandboxcontexti=null; var DIRCACHE=; var FILECACHE=; var...

Mozilla Firefox 39.03 - pdf.js Same Origin Policy

Mozilla Firefox 39.03 - pdf.js Same Origin Policy / Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var...

Firefox 39.03 - pdf.js Same Origin Policy Exploit

Exploit for multiple platform in category local exploits / Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var...

Security update for MozillaFirefox (important)

update to Firefox 40.0 bnc940806 Added protection against unwanted software downloads Suggested Tiles show sites of interest, based on categories from your recent browsing history Hello allows adding a link to conversations to provide context on what the conversation will be about New style for...

Security update for MozillaFirefox (important)

update to Firefox 40.0 bnc940806 Added protection against unwanted software downloads Suggested Tiles show sites of interest, based on categories from your recent browsing history Hello allows adding a link to conversations to provide context on what the conversation will be about New style for...

SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1380-1)

This security update bsc940918 fixes the following issues : - MFSA 2015-78 CVE-2015-4495, bmo1178058: Same origin violation - Remove PlayPreview registration from PDF Viewer bmo1179262 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:1379-1)

This security update bsc940918 fixes the following issues : - MFSA 2015-78: CVE-2015-4495, bmo1178058: Same origin violation - Remove PlayPreview registration from PDF Viewer bmo1179262 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securit...

Shopify - Persistent Embed POST Inject Vulnerability

Document Title: =============== Shopify - Persistent Embed POST Inject Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1556 Video View: https://www.youtube.com/watch?v=5qiJ4UjJtQ Release Date: ============= 2015-08-13 Vulnerability Laboratory ID VL-ID:...

Firefox ESR < 38.2 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR installed on the remote Mac OS X host is prior to 38.2. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist that allow a remote attacker, via a specially crafted web page, to corrupt memory and potentially execute...

Mozilla Firefox ESR < 38.2

The version of Firefox ESR installed on the remote Windows host is prior to 38.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2015-83 advisory. - crash in @ stagefright::SampleTable::isValid with h264 mp4CVE-2015-4480 CVE-2015-4480 - MPEG4 saio Chunk Integer...

Firefox < 40 Multiple Vulnerabilities

The version of Firefox installed on the remote Windows host is prior to 40. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist that allow a remote attacker, via a specially crafted web page, to corrupt memory and potentially execute arbitrary...

Analysis of the latest firefox 0day attack-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-8/2015813114114594.jpg The Mozilla Foundation in the 8 May 6, as Firefox released a security update to fix the Firefox embedded PDF reader pdf. js in the cve-2 0 1 5-4 4 9 5 vulnerability. The vulnerability allows an attacker to bypass the same origin policy,in the local...

Firefox < 40 Multiple Vulnerabilities (Mac OS X)

The version of Firefox installed on the remote Mac OS X host is prior to 40. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist that allow a remote attacker, via a specially crafted web page, to corrupt memory and potentially execute arbitrary...

Debian DSA-3333-1 : iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin...

[SECURITY] [DSA 3333-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3333-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 12, 2015 https://www.debian.org/security/faq -...

SUSE-SU-2015:1379-1 Security update for MozillaFirefox

This security update bsc940918 fixes the following issues: MFSA 2015-78: CVE-2015-4495, bmo1178058: Same origin violation Remove PlayPreview registration from PDF Viewer bmo1179262...

Debian Security Advisory DSA 3333-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3333.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3333-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

DSA-3333-1 iceweasel - security update

Bulletin has no description...