Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities

Binary data 801345.prm...

Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. CVE-2013-0743 - A use-after-free error exists related to displaying HTML tabl...

Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities

Binary data 6669.prm...

Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities

Binary data 801376.prm...

Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763,...

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to...

Design/Logic Flaw

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to...

CVE-2013-0747

Technical details for CVE-2013-0747 are not publicly provided in the supplied documents. Monitor for updates.

FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)

Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

Chrome 24 Fixes More Than 20 Flaws

Google has patched a huge number of security vulnerabilities in its Chrome browser, fixing 11 high-severity flaws. The release of Chrome 24 also includes patches for a number of other lower-priority vulnerabilities. Chrome 24 is a major security update from Google and there are several bugs fixed...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...

Chrome for Android - Bypassing SOP for Local Files By Symlinks

CVE Number: CVE-2012-4908 Title: Chrome for Android - Bypassing SOP for Local Files By Symlinks Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Chrome for Android's Same-Origi...

Google Chrome < 24.0.1312.52 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 24.0.1312.52 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. CVE-2012-5145, CVE-2012-5147,...

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 24 to the stable channel. Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame. This is the first Stable release with support for MathML, thanks to WebKit volunteer Dave Barton. This release also contains an...

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to...

Chrome For Android Bypassing SOP Flaw

CVE Number: CVE-2012-4908 Title: Chrome for Android - Bypassing SOP for Local Files By Symlinks Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Chrome for Android's Same-Origi...

Touch events are shared across iframes — Mozilla

Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and...

Event manipulation in plugin handler to bypass same-origin policy — Mozilla

Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy SOP restrictions. This can allow for clickjacking on malicious web pages...

GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)

The remote host is affected by the vulnerability described in GLSA-201301-01 Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for...

Vulnerability in HTC website allow attacker to hijack accounts

Thamatam Deepak Mr.47™ reported a Cross site scripting XSS Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month...