[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 195105 Download | Alert*

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

The host is installed with Oracle Java SE 5.0u71 and earlier, 6u81 or 7u67 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attackers to affect confidentiality.

The host is installed with Apple QuickTime before 7.7.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted movie file. Successful exploitation allows attackers to execute arbitrary code or cause unexpected application termination.

The host is installed with Apple QuickTime before 7.7.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted movie file. Successful exploitation allows attackers to execute arbitrary code or cause unexpected application termination.

The host is installed with Apple QuickTime before 7.7.6 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted MIDI file. Successful exploitation allows attackers to execute arbitrary code or cause unexpected application termination.

The host is installed with Apple QuickTime before 7.7.6 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted m4a file. Successful exploitation allows attackers to execute arbitrary code or cause unexpected application termination.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-10-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted movie file, a crafted MIDI file or a crafted m4a file. Successful exploitation allows attackers to execute arbitrary code or cause unexpected application termination.


Pages:      Start    7550    7551    7552    7553    7554    7555    7556    7557    7558    7559    7560    7561    7562    7563    ..   19510

© SecPod Technologies