Security update for MozillaFirefox, mozilla-nss (important)
This update to Mozilla Firefox 47 fixes the following issues (boo983549). Security fixes: - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards (boo983638) (MFSA 2016-49) - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo983655) (MFSA 2016-50) - CVE-2016-2821: Use-after-free deletin...
Ubuntu: Security Advisory (USN-2993-1)
The remote host is missing an update for the...
Firefox < 47 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 47. It is, therefore, affected by multiple vulnerabilities: - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-2815, CVE-2016-2818) - An overflow...
CVE-2016-2825
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL...
UBUNTU-CVE-2016-2825
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL...
firefox: multiple issues
CVE-2016-2815 arbitrary code execution Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with...
FreeBSD : mozilla -- multiple vulnerabilities (8065d37b-8e7c-4707-a608-1b0a2b8509c3)
Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...
Partial same-origin-policy through setting location.host through data URI — Mozilla
Security researcher Armin Ebert reported that the location.host property can be set to an arbitrary string after creating an invalid data: URI. This allows for a bypass of some same-origin policy protections. This issue is mitigated by the data: URI in use and any same-origin checks for http: or...
How to Use Listen Policy to Create Virtual Servers with Same IP and Perform Selective Dual Authentication
You can use the Listen Policy feature of Citrix ADC NetScaler to use the same IP and FQDN and have selective authentication on the basis of the IP range. Example : Single authentication for internal users and dual authentication for external users...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...
KLA10822 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, elevate privileges, cause denial of service, conduct XSS or obtain sensitive information. Below is a complete list of...
Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-2992-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2992-1 advisory. An unspecified security issue was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could...
USN-2992-1 oxide-qt vulnerabilities
An unspecified security issue was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673) An issue was discovered with Document reattachment in Blink in some circumstances. ...
CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...
Google Chrome FrameLoader::startLoad Same Origin Policy Bypass Vulnerability
Google Chrome is a web browsing tool developed by Google. In versions of Google Chrome prior to 51.0.2704.79, the Blink/WebKit/Source/core/loader/FrameLoader.cpp/FrameLoader::startLoad function fails to prevent frame navigation in the DocumentLoader separation operation. A same-origin policy bypa...
Google Chrome Extension Subsystem Homology Policy Bypass Vulnerability
Google Chrome is a web browsing tool developed by Google. In versions prior to Google Chrome 51.0.2704.79, the extension subsystem does not properly restrict bound access and a same-origin policy bypass vulnerability exists, which can be exploited by remote attackers to bypass the same-origin...
UBUNTU-CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...