[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255227

 
 

909

 
 

198741

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1826 Download | Alert*

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe"s location object, as part of an alarm"s JSON data. This allows a malicious app to bypass same-origin policy.

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a canvas element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-11-17-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to execute remote code or obtain sensitive information.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-10-16-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to determine all the network addresses of the system or bypass a sandbox protection mechanism or execute arbitrary shell commands or ...

The host is missing a security update according to MFSA 2014-83. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

The host is missing a security update according to MFSA 2014-84. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle an XBL binding. Successful exploitation allows attackers to bypass intended access restrictions.

The host is missing a security update according to MFSA 2014-85. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted JavaScript object. Successful exploitation allows attackers to cause a denial of service (application crash).

The host is missing a security update according to MFSA 2014-86. The update is required to fix an information disclosure vulnerability. A flaw is present in the path strings in CSP violation reports, which fail to handle a crafted a web site that receives a report after a redirect. Successful exploitation allows attackers to obtain sensitive information.

The host is missing a security update according to MFSA 2014-87. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a addition of a second root element to an HTML5 document during parsing. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a security update according to MFSA 2014-88. The update is required to fix a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted media content. Successful exploitation allows attackers to execute arbitrary code.


Pages:      Start    69    70    71    72    73    74    75    76    77    78    79    80    81    82    ..   182

© SecPod Technologies