15 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-5129
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left- trimmed objects, which allows remote attackers to cau...
SUSE CVE-2016-1708
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified...
SUSE CVE-2016-5141
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp...
CVE-2017-5426
On Linux, if the secure computing mode BPF seccomp-bpf filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note:...
CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2017-5413
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2017-5406
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox 52 and Thunderbird 52...
Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...
chromium-browser: Use-after-free in Blink
The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...
Google Chrome SOP Protection Mechanism Bypass Vulnerability
Google Chrome is a web browsing tool developed by Google. A protection mechanism bypass vulnerability exists in Service Workers in versions prior to Google Chrome 52.0.2743.82. A remote attacker can exploit this vulnerability to bypass the same-origin policy...
Google Chrome Denial of Service Vulnerability (CNVD-2016-05481)
Google Chrome is a web browser developed by the American company Google Google. A denial of service vulnerability exists in versions of Google Chrome prior to 52.0.2743.82. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2016-5130
content/renderer/historycontroller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site...
UBUNTU-CVE-2016-5133
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...
Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 i...
ICU: regexp engine missing look-behind expression range check
The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...