SUSE-SU-2018:4236-2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 bsc1119105 - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...
Coda: Lack of Origin check leads to Cross-Site Websocket Hijacking (CSWSH)
Summary: @fisher discovered a CSRF-related vulnerability in Coda docs by which an attacker could craft a convincing page that would make modifications to a specific document without the victim knowing. This is due to the inherent nature of Websockets not being secure by default. Although a...
CVE-2019-9696
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentiall...
CVE-2019-0786
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'...
EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1179)
According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting ...
Microsoft Edge and Internet Explorer Same Origin Policy Bypass
A vulnerability exists in Microsoft Edge and Internet Explorer web browsers that could allow security feature bypass. The vulnerability could allow an attacker to bypass the Same Origin Policy. Successful exploitation of this vulnerability could allow the disclosure of sensitive information...
Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
Exclusive — A security researcher today publicly disclosed details and proof-of-concept exploits for two 'unpatched' zero-day vulnerabilities in Microsoft's web browsers after the company allegedly failed to respond to his responsible private disclosure. Both unpatched vulnerabilities—one of whic...
Mozilla Firefox < 66.0 Multiple Vulnerabilities
openSUSE Security Update : Chromium (openSUSE-2019-559)
This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530 : - CVE-2018-6153: Stack-based buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC ...
openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004)
This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory boo1119105 : - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element -...
CVE-2019-9938
The SHAREit application before 4.0.42 for Android allows a remote attacker on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The...
Mozilla Firefox Same Origin Policy Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 66. An attacker can exploit the vulnerability to bypass the same-origin policy and read cross-origin images...
Mozilla Firefox Man-in-the-Middle Attack Vulnerability (CNVD-2019-08537)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 66, which stems from the program failing to properly perform Upgrade-Insecure-Requests on same-origin navigation, and can be exploite...
[ASA-201903-11] firefox: multiple issues
Arch Linux Security Advisory ASA-201903-11 ========================================== Severity: Critical Date : 2019-03-22 CVE-ID : CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-98...
Unspecified Vulnerability in Moodle (CNVD-2019-35816)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle. An attacker can exploit this vulnerability to open links directly in the same window...
CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...
CVE-2019-9803
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...
UBUNTU-CVE-2019-9803
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...
UBUNTU-CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...