Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3645-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3645-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacke...

[ASA-201805-10] firefox: multiple issues

Arch Linux Security Advisory ASA-201805-10 ========================================== Severity: Critical Date : 2018-05-13 CVE-ID : CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-51...

Whonow - A "Malicious" DNS Server For Executing DNS Rebinding Attacks On The Fly (Public Instance Running On Rebind.Network:53)

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves. respond to DNS queries for this domain with 52.23.194.42 the first time it is requested and then 192.168.1.1 every time after...

Mozilla Firefox Same Origin Protection Bypass Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A PDF viewer same-origin protection bypass vulnerability exists in Mozilla Firefox. A remote attacker can exploit this vulnerability to bypass the PDF viewer's same-origin restriction and view...

FreeBSD : mozilla -- multiple vulnerabilities (5aefc41e-d304-4ec8-8c82-824f84f08244)

Mozilla Foundation reports : CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files...

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

UBUNTU-CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

DNS Rebinding

node is vulnerable to DNS rebinding attacks. The vulnerability exists in the inspector introduced since node 6.x and allows a website to use a DNS rebinding attack to bypass the same-origin-policy checks on the web browsers, opening the inspector port as a debugger and using it for executing...

Microsoft Edge Security Feature Bypass Vulnerability (CNVD-2018-10732)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation.Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.Edge is one of the a default browser that comes with the system. A security...

KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, perform XSS attacks and bypass security restrictions. Below is a complete list ...

Security vulnerabilities fixed in Firefox 60 — Mozilla

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...

Security vulnerabilities fixed in Firefox ESR 52.8 — Mozilla

Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. A use-after-free vulnerability can occur while enumerating attributes during SVG...

PT-2018-17921 · Node.Js +3 · Node.Js +3

Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x and later Description: The issue allows for a DNS rebinding attack, potentially leading to remote code execution. This can be exploited by malicious websites open in a web browser on the same computer or another computer...

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

KB4103716: Windows 10 May 2018 Security Update

The remote Windows host is missing security update 4103716. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...

██████: Same Origin Policy Bypass at ██████.com

██████.com: helps different sectors of business to create passes very easily through their app. ██████.org: helps their customers focus on using video to move their business in meaningful ways...

[SECURITY] [DSA 4182-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4182-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 28, 2018 https://www.debian.org/security/faq -...

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...

RHEL 6 : chromium-browser (RHSA-2018:1195)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1195 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 66.0.3359.117. Security Fixes:...

chromium-browser: Same origin bypass in Service Worker

Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...