
8402 matches found

OSV
added 2016/07/22 12:00 a.m. | 34 views

DSA-3625-1 squid3 - security update

Bulletin has no description...

CVSS 8.8 | AI score 6.8 | EPSS 0.89163
Exploits: 1

RedhatCVE
added 2016/07/21 8:19 a.m. | 31 views

CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

CVSS 8.8 | AI score 5.6 | EPSS 0.01445
Exploits: 0 | References: 2

RedhatCVE
added 2016/07/21 8:18 a.m. | 20 views

CVE-2016-1710

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVSS 8.8 | AI score 4.8 | EPSS 0.01296
Exploits: 0 | References: 2

RedhatCVE
added 2016/07/21 8:18 a.m. | 23 views

CVE-2016-1711

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVSS 8.8 | AI score 5.3 | EPSS 0.01479
Exploits: 1 | References: 2

RedhatCVE
added 2016/07/21 8:18 a.m. | 39 views

CVE-2016-5128

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVSS 8.8 | AI score 5.3 | EPSS 0.01268
Exploits: 0 | References: 2

UbuntuCve
added 2016/07/21 12:00 a.m. | 18 views

CVE-2016-4583

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document...

CVSS 3.1 | AI score 6.7 | EPSS 0.01829
Exploits: 0 | References: 9

UbuntuCve
added 2016/07/21 12:00 a.m. | 24 views

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVSS 5.4 | AI score 6.9 | EPSS 0.01469
Exploits: 0 | References: 7

OSV
added 2016/07/21 12:00 a.m. | 1 views

UBUNTU-CVE-2016-4583

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document...

CVSS 3.1 | AI score 6.6 | EPSS 0.01829
Exploits: 0 | References: 10

OSV
added 2016/07/21 12:00 a.m. | 1 views

UBUNTU-CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVSS 5.4 | AI score 6.8 | EPSS 0.01469
Exploits: 0 | References: 8

RedHat Linux
added 2016/07/20 11:53 p.m. | 4 views

openstack-neutron: ICMPv6 source address spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

CVSS 9.1 | AI score 5.8 | EPSS 0.04168
Exploits: 1 | References: 4

Google Chrome Security Advisories
added 2016/07/20 12:00 a.m. | 241 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 52 to the stable channel for Windows, Mac and Linux. Chrome 52.0.2743.82 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

CVSS 9.6 | AI score 8.2 | EPSS 0.02426
Exploits: 2 | Affected Software: 1

FreeBSD
added 2016/07/20 12:00 a.m. | 38 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 48 security fixes in this release, including: 610600 High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab 613949 High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan 614934 High CVE-2016-1709:...

CVSS 9.6 | AI score 1.1 | EPSS 0.02426
Exploits: 1 | References: 1

Hacker One
added 2016/07/13 10:59 p.m. | 23 views

Paragon Initiative Enterprises: Content-type sniffing leads to stored XSS in CMS Airship on Internet Explorer

Description Internet Explorer has the nasty habit to perform Content-Type sniffing on delivered resources if the content-type is not known to it. Since the software isn't instructing Internet Explorer to disable content-type sniffing this leads to a stored XSS. In a nutshell, it is possible to...

AI score 6.6
Exploits: 0

Tenable Nessus
added 2016/07/07 12:00 a.m. | 20 views

WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)

Binary data 9387.prm...

CVSS 10 | AI score 7.3 | EPSS 0.97485
Exploits: 13 | References: 8

BDU FSTEC
added 2016/07/07 12:00 a.m. | 2 views

The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary JavaScript code

The vulnerability of the Firefox browser allows a malicious actor to bypass access control policies SOP and execute arbitrary JavaScript code with privileges equivalent to those of Chrome, by using frame relays...

CVSS 7.5 | AI score 7.2 | EPSS 0.03269
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2016/07/05 12:00 a.m. | 6 views

The vulnerability of the Firefox ESR browser allows a malicious individual to gain access to confidential information.

The Mozilla Firefox ESR browser contains a vulnerability related to errors in the implementation of the SVG filter. This vulnerability allows a malicious actor to gain access to confidential information about displacement and correlations, as well as to circumvent Domain Restrictions Policy SOP...

CVSS 7.8 | AI score 7 | EPSS 0.04002
Exploits: 3 | References: 9 | Affected Software: 6

BDU FSTEC
added 2016/07/05 12:00 a.m. | 4 views

The vulnerability of the Firefox browser, which allows a malicious actor to bypass domain restriction rules

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of class functions. Exploiting this vulnerability allows malicious actors to circumvent Domain Restrictions Policy SOP rules and gain access to confidential information through the use of IFrame elements...

CVSS 6.8 | AI score 7 | EPSS 0.02467
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2016/07/05 12:00 a.m. | 3 views

The vulnerability of the Firefox browser, which allows a malicious individual to gain access to authentication data

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the Web Workers technology. Exploiting this vulnerability allows malicious actors operating remotely to circumvent Domain Restrictions Policy SOP rules and gain access to authentication data through...

CVSS 5 | AI score 7 | EPSS 0.02335
Exploits: 1 | References: 6 | Affected Software: 1

BDU FSTEC
added 2016/07/05 12:00 a.m. | 5 views

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to gain access to authentication data

Mozilla SeaMonkey software contains a vulnerability related to errors in the implementation of the Web Workers technology. Exploiting this vulnerability allows malicious actors operating remotely to circumvent Domain Restrictions Policy SOP rules and gain access to authentication data through err...

CVSS 5 | AI score 7 | EPSS 0.02335
Exploits: 1 | References: 5

BDU FSTEC
added 2016/07/05 12:00 a.m. | 4 views

The vulnerability of the Firefox browser, which allows a malicious individual to gain access to confidential information

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the SVG filter. This vulnerability allows malicious actors to gain access to confidential information about displacement and correlations, as well as to circumvent domain restriction policies SOP. They...

CVSS 6.8 | AI score 7 | EPSS 0.04002
Exploits: 3 | References: 6 | Affected Software: 1