[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

136938

 
 

909

 
 

113195

 
 

156

 
 
Paid content will be excluded from the download.

Filter
Matches : 780 Download | Alert*

The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing attacks via a crafted web site.

The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensitive information from process memory or cause a denial of service.

The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause a denial of service.

Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by SystemOnly Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additional ...

Security researcher Mariusz Mlynski reported that when auser examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe thatparses data from the profiler to render the UI, leaving it susceptible to manipulation.

Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.

Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.

Security researcher Paul Stone of <ahref="http://www.contextis.co.uk/">Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.

Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash.

Mozilla community member Bob Owen reported that &lt;iframe sandbox&gt; restrictions are not applied to a frame element contained within a sandboxed iframe. As a result,content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   77

© SecPod Technologies