[SECURITY] [DSA 3201-1] iceweasel security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3201-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 22, 2015 http://www.debian.org/security/faq -...

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

Debian Security Advisory DSA 3201-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3201.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3201-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

DSA-3201-1 iceweasel - security update

Bulletin has no description...

UBUNTU-CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

firefox: multiple issues

CVE-2015-0817 arbitrary remote code execution: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation JIT and its management of bounds checking for heap access...

Debian: Security Advisory (DSA-3201-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Privilege escalation through SVG navigation — Mozilla

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation...

flash-plugin: cross-domain policy bypass (APSB15-05)

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

Adobe Flash Player Security Bypass Vulnerability (CNVD-2015-01804)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability to bypas...

CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

Design/Logic Flaw

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

UBUNTU-CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

VulnCheck KEV: CVE-2015-0072

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

Vimeo: URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io

Hi, Brief This is an urgent issue and I hope you will act on it likewise. Your subdomain status.vimeo.com is pointing to hosted.statuspage.io, but no statuspage was connected to it. This means that anyone can claim the subdomain by setting up a statuspage.io site and using "status.vimeo.com" as t...

KLA10461 Security bypass vulnerability in multiple products

Using of the same certificate was found in multiple products. By exploiting this vulnerability malicious users bypass security restrictions. This vulnerability can be exploited remotely via a man-in-the-middle attack. Original advisories - Related products VisualDiscovery CVE list CVE-2015-2077...

Mail.ru: Same Origin Policy bypass

Hi, After small investigation I've probably found something that can be exploited to bypass Same Origin Policy on mail.ru services specially your main domain and e.mail.ru. First of all - let's take a look about your crossdomain.xml both for mail.ru and e.mail.ru: After time spent on searching...

MGASA-2015-0062 Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attacke...