kernel: Unauthorized access to IPC objects with SysV shm

A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to...

kernel: Unauthorized access to IPC objects with SysV shm

A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to...

The vulnerability of Firefox and Firefox ESR browsers allows a perpetrator to trigger a service failure.

The vulnerability of the js::jit::AssemblerX86Shared::lockaddl function in Firefox and Firefox ESR browsers is caused by a buffer overflow. Exploiting this vulnerability allows an attacker to cause a service failure by manipulating shared memory...

SUSE-SU-2015:1476-1 Security update for MozillaFirefox, mozilla-nss

Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR bsc943608 MFSA 2015-94/CVE-2015-4497 bsc943557 Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 bsc943558...

Mozilla Firefox Shared Memory Usage Denial of Service Vulnerability

Mozilla Firefox is an open source WEB browser. A security vulnerability in Mozilla Firefox's handling of special JavaScript allows remote attackers to construct malicious files that trick users into parsing, which can crash applications...

Design/Logic Flaw

The js::jit::AssemblerX86Shared::lockaddl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service application crash by leveraging the use of shared memory and accessing 1 an Atomics object or 2 ...

CVE-2015-4484

CVE-2015-4484 affects Mozilla Firefox before 40.0 (and ESR 38.x before 38.2): the JS engine’s handling of shared memory via Atomics/SharedArrayBuffer could crash the browser, enabling a remote attacker to cause a denial of service. The connected docs indicate remediation is to upgrade to Firefox ...

CVE-2015-4484

The js::jit::AssemblerX86Shared::lockaddl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service application crash by leveraging the use of shared memory and accessing 1 an Atomics object or 2 ...

firefox: multiple issues

CVE-2015-4473 Memory safety bugs fixed in Firefox ESR 38.2 and Firefox 40: Gary Kwong, Christian Holler, and Byron Campen reported memory safety problems and crashes that affect Firefox ESR 38.1 and Firefox 39. - CVE-2015-4474 Memory safety bugs fixed in Firefox 40: Tyson Smith, Bobby Holley,...

Mozilla: Crash when using shared memory in JavaScript (MFSA 2015-87)

The js::jit::AssemblerX86Shared::lockaddl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service application crash by leveraging the use of shared memory and accessing 1 an Atomics object or 2 ...

Crash when using shared memory in JavaScript — Mozilla

Security researcher Jukka Jylänki reported a crash that occurs because JavaScript, when using shared memory, does not properly gate access to Atomics or SharedArrayBuffer views in some contexts. This leads to a non-exploitable crash...

CVE-2015-4484

The js::jit::AssemblerX86Shared::lockaddl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service application crash by leveraging the use of shared memory and accessing 1 an Atomics object or 2 ...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards rv:40.0 / rv:38.2 MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...

UBUNTU-CVE-2015-4484

The js::jit::AssemblerX86Shared::lockaddl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service application crash by leveraging the use of shared memory and accessing 1 an Atomics object or 2 ...

Scientific Linux Security Update : ntp on 6.x i686/x86_64 (2015:1459)

The remote Scientific Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:1459-1 advisory. - The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field...

CentOS 6 : ntp (CESA-2015:1459)

Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

ntp, ntpdate security update

CentOS Errata and Security Advisory CESA-2015:1459 Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabili...

CVE-2 0 1 5-5 0 9 0 exploit-vulnerability warning-the black bar safety net

0x01 introduction 2 0 1 5 year 7 month, Adobe patched several vulnerabilities, wherein the CVE-2 0 1 5-5 0 9 0 exceptionally conspicuous, it is worth get to the bottom. However, Adobe for these vulnerabilities just according to the level of threat are ranked, and gave no details. In fact, an...

DLA-210-1 qt4-x11 - security update

Bulletin has no description...

(Pwn2Own) Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...