SUSE CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

Mozilla Firefox < 56.0

The version of Firefox installed on the remote Windows host is prior to 56.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-21 advisory. - Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, David Keeler,...

Mozilla Firefox memory corruption vulnerability (CNVD-2017-32533)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 56. A remote attacker can exploit the vulnerability to potentially execute arbitrary code memory corruption...

Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...

CVE-2017-5023

Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page...

CVE-2017-5026

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page...

chromium-browser: ui spoofing in blink

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

Threat Outbreak Alert RuleID7930: Email Messages Distributing Malicious Software on July 25, 2016

Medium Alert ID: 40616 First Published: 2015 August 21 13:42 GMT Last Updated: 2016 July 26 12:25 GMT Version: 56 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID7930 and...