Mageia: Security Advisory (MGASA-2015-0462)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2819-1: Thunderbird vulnerabilities

Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potential...

CentOS 5 / 6 / 7 : thunderbird (CESA-2015:2519)

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Mozilla Thunderbird < 38.4 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote Mac OS X host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, vi...

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20151126)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,...

Mozilla Thunderbird < 38.4 Multiple Vulnerabilities

The version of Thunderbird installed on the remote Windows host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via...

Updated thunderbird packages fix security vulnerability

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,...

thunderbird security update

CentOS Errata and Security Advisory CESA-2015:2519 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

ok.ru: Same-Origin Policy Bypass #2

Hi, This is really similar issue to my previous report 102234 - exploitation mechanism is really same but other swf file is vulnerable. All conditions are met: - st.mycdn.me domain which is in ok.ru crossdomain.xml - Security.allowDomain'' - possibility to execute own SWF code provided by URL...

ok.ru: Same-Origin Policy bypass on main domain - ok.ru

Hello, I've just found a way to bypass Same-Origin Policy mechanism using vulnerability in one of swf files on your cdn. Let me explain this in details: 1. First of all - your Crossdomain which defines from what domains Flash files can read content on ok.ru. Crossdomain file is located here -...

RedHat Update for thunderbird RHSA-2015:2519-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: CORS preflight is bypassed when non-standard Content-Type headers are received (MFSA 2015-127)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...

Important: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Google Chrome同源策略绕过漏洞（CNVD-2015-07628）

No description provided by source...

Mageia: Security Advisory (MGASA-2015-0448)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin...

MGASA-2015-0448 Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin...

chromium: information leakage

The PDF viewer does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2015-07628)

Google Chrome is a simple and efficiently designed web browsing tool developed by Google. A same-origin policy bypass vulnerability exists in versions of Google Chrome prior to 46.0.2490.86, which allows remote attackers to exploit the vulnerability to bypass the same-origin policy...