Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

Mozilla: Add-On updates did not respect the same certificate trust rules as software updates

The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...

CVE-2018-9281

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable t...

Another RCE Vulnerability Patched in Microsoft Malware Protection Engine

Google Project Zero continues to scrape away at the ubiquitous Microsoft Malware Protection Engine at the core of many security products embedded in Windows, and it continues to discover new critical vulnerabilities. The latest, another remote code execution flaw, was patched on Friday after it w...

Firefox 12 Debuts With Silent Update Mechanism

Mozilla has released version 12 of Firefox and the big change in the popular browser is the inclusion of a new update mechanism that will allow users to enable automatic updates that won’t require user interaction. The mechanism is similar to what Google Chrome has and is part of a trend toward...

Ping.fm vulnerable to Clickjacking (Video Demonstration)

Ping.fm vulnerable to Clickjacking Video Demonstration Two Indian Hackers Aditya Gupta@adi1391 and Subho Halder @sunnyrockzzs have discovered Clickjacking vulnerability in one of the famous website "Ping.FM". Clickjacking is a malicious technique of tricking Web users into revealing confidential...

Netcraft Toolbar 1.8.1 Code Execution

// runs calc.exe var shellc...

Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.

Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. Synopsis Enomaly ECP up to and including v3.0.4 is believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for...