CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...

UBUNTU-CVE-2015-2722

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...

Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker...

Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker...

firefox: multiple issues

CVE-2015-2722, CVE-2015-2733 Use-after-free in workers while using XMLHttpRequest: Security researcher Looben Yan used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These...

Use-after-free in workers while using XMLHttpRequest — Mozilla

Security researcher Looben Yang used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These errors occur when the XMLHttpRequest object is attached to a worker but that object...

Updated iceape packages fix security vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors. CVE-2015-0835...

That's so fetch!

There's been some confusion around the new fetch API recently. Let's clear things up. The first thing you'll notice about fetch is it's a massive improvement on XMLHttpRequest in terms of API design. Here's how to get some JSON using XHR: var xhr = new XMLHttpRequest; xhr.open'GET', url;...

Mozilla Firefox < 36.0 Multiple Vulnerabilities

Binary data 8653.prm...

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...

CVE-2015-0828

Mode C: The CVE-2015-0828 issue is a Double-free in Mozilla Firefox's nsXMLHttpRequest::GetResponse when a nonstandard memory allocator is used, allowing remote code execution or heap corruption via a crafted 0-byte XMLHttpRequest. Affected versions are Firefox prior to 36.0; remediation per conn...

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via crafted JavaScript code that makes an...

eYou邮件系统邮件正文存储型XSS2(内附eYouXSS影响证明)

简要描述： 新玩意儿，影响Chrome。 在测试这个XSS过程中发现一处很严重的HttpOnly COOKIE泄漏，导致邮件正文型XSS能够获取用户全部COOKIE从而进行登陆。 详细说明： 新玩意儿，影响Chrome。 在测试这个XSS过程中发现一处很严重的HttpOnly COOKIE泄漏，导致邮件正文型XSS能够获取用户全部COOKIE从而进行登陆。内有POC （wooyun上有一些关于eyou邮件正文型XSS的报告，你们给的回应全都是“已有解决方案”、“问题已知，谢谢报告”。然而测试了几所大学的邮件系统，全都没修复，感觉你们是在逗我.....） 漏洞证明：...

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1654-1)

This MozillaThunderbird update fixes several security and non security issues : Changes in MozillaThunderbird : - update to Thunderbird 31.3.0 bnc908009 - MFSA 2014-83/CVE-2014-1587 Miscellaneous memory safety hazards - MFSA 2014-85/CVE-2014-1590 bmo1087633 XMLHttpRequest crashes with some input...

openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)

seamonkey was updated to version 2.31 to fix 20 security issues. These security issues were fixed : - Miscellaneous memory safety hazards CVE-2014-1587, CVE-2014-1588. - XBL bindings accessible via improper CSS declarations CVE-2014-1589. - XMLHttpRequest crashes with some input streams...

openSUSE Security Update : seamonkey (openSUSE-SU-2014:1656-1)

seamonkey was updated to version 2.31 to fix eight security issues. These security issues were fixed : - Miscellaneous memory safety hazards CVE-2014-1587, CVE-2014-1588. - XBL bindings accessible via improper CSS declarations CVE-2014-1589. - XMLHttpRequest crashes with some input streams...

Mozilla Firefox Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox ESR Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...