
8404 matches found

Ubuntu
added 2016/12/01 12:56 a.m. | 119 views

USN-3141-1: Thunderbird vulnerabilities

Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of...

9.8 CVSS | 8.4 AI score | 0.87921 EPSS
Exploits: 17
OpenVAS
added 2016/12/01 12:0 a.m. | 35 views

Ubuntu: Security Advisory (USN-3140-1)

The remote host is missing an update for the...

8.8 CVSS | 8.1 AI score | 0.87921 EPSS
Exploits: 15 | References: 4
Tenable Nessus
added 2016/12/01 12:0 a.m. | 75 views

Mozilla Firefox 49.x < 50.0.1 HTTP Redirect Handling Same-origin Policy Bypass

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is 49.x prior to 50.0.1. It is, therefore, affected by a same-origin policy bypass vulnerability in the GetChannelResultPrincipal function in nsScriptSecurityManager.cpp due to improper handling of HTTP redirects to...

8.8 CVSS | 7.4 AI score | 0.01884 EPSS
Exploits: 2 | References: 2
Tenable Nessus
added 2016/12/01 12:0 a.m. | 64 views

Ubuntu 14.04 LTS / 16.04 LTS : Thunderbird vulnerabilities (USN-3141-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3141-1 advisory. Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety...

9.8 CVSS | 8.5 AI score | 0.87921 EPSS
Exploits: 17 | References: 7
Google Chrome Security Advisories
added 2016/12/01 12:0 a.m. | 62 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 55 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 55.0.2883.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

10 CVSS | 7.8 AI score | 0.11182 EPSS
Exploits: 5 | Affected Software: 1
Tenable Nessus
added 2016/12/01 12:0 a.m. | 34 views

Mozilla Firefox 49.x < 50.0.1 HTTP Redirect Handling Same-origin Policy Bypass

The version of Mozilla Firefox installed on the remote Windows host is 49.x prior to 50.0.1. It is, therefore, affected by a same-origin policy bypass vulnerability in the GetChannelResultPrincipal function in nsScriptSecurityManager.cpp due to improper handling of HTTP redirects to 'data: URLs'...

8.8 CVSS | 7.4 AI score | 0.01884 EPSS
Exploits: 2 | References: 2
ArchLinux
added 2016/12/01 12:0 a.m. | 572 views

[ASA-201612-1] firefox: multiple issues

Arch Linux Security Advisory ASA-201612-1. Severity: Critical. Date: 2016-12-01. CVE-ID: CVE-2016-9078, CVE-2016-9079. Package: firefox. Type: multiple issues. Remote: Yes. Link: https://wiki.archlinux.org/index.php/CVE. Summary: The package firefox...

8.8 CVSS | 0.8 AI score | 0.87921 EPSS
Exploits: 15 | References: 5
Ubuntu
added 2016/11/30 11:26 p.m. | 65 views

USN-3140-1: Firefox vulnerabilities

It was discovered that data: URLs can inherit the wrong origin after an HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked into opening a...

8.8 CVSS | 8.5 AI score | 0.87921 EPSS
Exploits: 15
UbuntuCve
added 2016/11/30 12:0 a.m. | 47 views

CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8 CVSS | 7 AI score | 0.01884 EPSS
Exploits: 2 | References: 3
OSV
added 2016/11/30 12:0 a.m. | 0 views

UBUNTU-CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8 CVSS | 7.2 AI score | 0.01884 EPSS
Exploits: 2 | References: 4
Hacker One
added 2016/11/29 10:37 a.m. | 24 views

U.S. Dept Of Defense: DNS Misconfiguration

Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...

2.6 AI score
Exploits: 0
Kaspersky
added 2016/11/28 12:0 a.m. | 48 views

KLA10909 Security vulnerability in Mozilla Firefox

An unspecified vulnerability was found in Mozilla Firefox 49 and 50. It can be exploited to gain privileges. Technical details: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some cases. Because of that, same-origin violations against a domai...

8.8 CVSS | 8.9 AI score | 0.01884 EPSS
Exploits: 2 | References: 3
FreeBSD
added 2016/11/28 12:0 a.m. | 35 views

mozilla -- data: URL can inherit wrong origin after an HTTP redirect

The Mozilla Foundation reports: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has...

8.8 CVSS | 0.2 AI score | 0.01884 EPSS
Exploits: 2 | References: 1
myhack58
added 2016/11/24 12:0 a.m. | 70 views

A website icon triggers bloodshed! Bypassing the same-origin policy to determine whether you are logged into a website - vulnerability warning - the black bar safety net

Foreword: What I want to tell you is that, without your consent, most current mainstream web platforms will leak your login status. Whether or not you are currently performing a login, an attacker can detect which web platforms your computer is logged into. And...

6.7 AI score
Exploits: 0
OSV
added 2016/11/23 5:52 p.m. | 0 views

USN-3137-1 moin vulnerabilities

It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to...

6.1 CVSS | 6.3 AI score | 0.01452 EPSS
Exploits: 4 | References: 4
n0where
added 2016/11/21 5:27 a.m. | 33 views

From XSS to RCE: XSSer

From XSS to RCE: This demonstrates how an attacker can utilize XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit's Meterpreter in a highly automated approach will be...

2.8 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2016/11/21 12:0 a.m. | 66 views

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3124-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3124-1 advisory. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsa...

9.8 CVSS | 8.3 AI score | 0.11485 EPSS
Exploits: 4 | References: 19
CERT
added 2016/11/21 12:0 a.m. | 143 views

NTP.org ntpd contains multiple denial of service vulnerabilities

Overview: NTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities. Description: NTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not...

7.5 CVSS | 7.4 AI score | 0.52935 EPSS
Exploits: 12 | References: 2
Ubuntu
added 2016/11/19 12:7 a.m. | 87 views

USN-3124-1: Firefox vulnerabilities

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a special...

9.8 CVSS | 8.2 AI score | 0.11485 EPSS
Exploits: 4
OpenVAS
added 2016/11/19 12:0 a.m. | 47 views

Ubuntu: Security Advisory (USN-3124-1)

The remote host is missing an update for the...

9.8 CVSS | 8.1 AI score | 0.11485 EPSS
Exploits: 4 | References: 2