[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255716

 
 

909

 
 

198991

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 2000 Download | Alert*

Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable.

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems.

Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII format ...

Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an iframe sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval.

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to a potentially exploitable crash.

Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this uninitialized memory using the canvas feature.

Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values.

Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.

The host is missing a security update according to Apple advisory, APPLE-SA-2014-09-17-7. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.


Pages:      Start    79    80    81    82    83    84    85    86    87    88    89    90    91    92    ..   199

© SecPod Technologies