Nextcloud: SMIL values and by attributes bypass remote image blocking via unvalidated resource-loading animations, enabling email tracking without consent

A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail client. The vulnerability allowed attackers to bypass the "Block remote images" security feature by using SMIL animation attributes to load arbitrary external resources without validation. This could have enabled email...

Mozilla Firefox ESR < 45.9

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 45.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-11 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex...

Mozilla Firefox < 53.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 53.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-10 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. CVE-2017-5469 ...

EUVD-2003-0717

Malware in sbrugna...

EUVD-2011-1801

Malware in sbrugna...

EUVD-2004-1792

Malware in sbrugna...

EUVD-2019-19158

Malware in sbrugna...

EUVD-2017-14537

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-9796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration ...

smil-blue.com Cross Site Scripting vulnerability OBB-3694788

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

smil-alto.com Cross Site Scripting vulnerability OBB-3411583

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

smil-blue.com Cross Site Scripting vulnerability OBB-3263941

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2005-0455

Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 6.0.12.1056 and earlier, 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value...

SUSE CVE-2014-1541

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

SUSE CVE-2017-5433

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox E...

SUSE CVE-2019-9796

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...

Mozilla Firefox Security Advisory (MFSA2014-52) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

SUSE: Security Advisory (SUSE-SU-2014:0905-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-9796

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...

CVE-2011-1803

An issue exists in thirdparty/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element...