281 items tagged "browser"
-
-
16:00
»
SecuriTeam
Opera Web Browser is prone to a remote memory-corruption vulnerability.
-
-
18:28
»
Packet Storm Security Recent Files
In this paper the authors uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well known Steam3 platform as an attack vector against remote systems.
-
18:28
»
Packet Storm Security Misc. Files
In this paper the authors uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well known Steam3 platform as an attack vector against remote systems.
-
-
7:01
»
Hack a Day
Now instead of wrangling Python or PHP to do your bidding, [Eric] came up with a way to control the GPIO pins on his Raspberry Pi in a browser. [Eric] calls his project WebIOPi, and it’s the perfect tool if you’d just like to blink a LED or control a relay over the internet. Simply [...]
-
-
10:30
»
Hack a Day
If you haven’t heard of it, OpenSCAD is a really wonderful tool for 3D modeling. While it doesn’t have the traditional graphical interface of AutoCAD – it’s basically a programming language for 3D models – OpenSCAD is able to create very complex parts with only a few lines of code. That’s all well and good, [...]
-
-
17:00
»
SecuriTeam
Opera Web Browser is prone to a remote code-execution vulnerability.
-
-
15:39
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-142 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
-
15:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-142 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
-
15:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-142 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
-
-
17:00
»
SecuriTeam
Opera Web Browser is prone to a security-bypass vulnerability.
-
17:00
»
SecuriTeam
Opera Web Browser is prone to a remote code-execution vulnerability.
-
17:00
»
SecuriTeam
Opera web browser is prone to an unspecified vulnerability.
-
-
17:00
»
SecuriTeam
Opera Web Browser is prone to a HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
-
-
19:36
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities have been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in the IcedTea-Web web browser plugin. A malicious web page could use this flaw to make the IcedTea-Web browser plugin pass an invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by the browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.
-
19:36
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities have been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in the IcedTea-Web web browser plugin. A malicious web page could use this flaw to make the IcedTea-Web browser plugin pass an invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by the browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.
-
19:36
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities have been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in the IcedTea-Web web browser plugin. A malicious web page could use this flaw to make the IcedTea-Web browser plugin pass an invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by the browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.
-
-
16:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
-
16:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
-
16:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
-
16:59
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.
-
16:59
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.
-
16:59
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.
-
-
17:00
»
SecuriTeam
Arora Browser is prone to a remote denial-of-service vulnerability.
-
-
17:03
»
Packet Storm Security Recent Files
It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with Content-Disposition: attachment, in which case, you get the original contents of the address bar, plus a rogue download prompt attached to an unsuspecting page that never wanted you to download that file. Proof of concept code included.
-
17:03
»
Packet Storm Security Misc. Files
It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with Content-Disposition: attachment, in which case, you get the original contents of the address bar, plus a rogue download prompt attached to an unsuspecting page that never wanted you to download that file. Proof of concept code included.
-
-
7:58
»
Packet Storm Security Exploits
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
-
7:58
»
Packet Storm Security Recent Files
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
-
7:58
»
Packet Storm Security Misc. Files
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
-
-
14:44
»
Packet Storm Security Recent Files
Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
-
14:44
»
Packet Storm Security Misc. Files
Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
-
17:53
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the bad nesting with SVG tags. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
-
17:53
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the bad nesting with SVG tags. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
-
-
17:14
»
Packet Storm Security Exploits
Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
-
17:14
»
Packet Storm Security Recent Files
Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
-
17:14
»
Packet Storm Security Misc. Files
Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
-
-
13:33
»
SecDocs
Authors: Shreeraj Shah
Tags: AJAX XSS Rich Internet Applications
Event: Black Hat USA 2010
Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.
-
-
2:45
»
SecDocs
Authors: Samy Kamkar
Tags: web social engineering
Event: Black Hat USA 2010
Abstract: How I Met Your Girlfriend: The discovery and execution of entirely new classes of attacks executed from the Web in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and weak random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more.
-
-
8:42
»
Packet Storm Security Exploits
A 3rd party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain thus break Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.
-
8:42
»
Packet Storm Security Recent Files
A 3rd party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain thus break Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.
-
8:42
»
Packet Storm Security Misc. Files
A 3rd party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain thus break Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.
-
-
16:27
»
Packet Storm Security Advisories
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. This can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
16:27
»
Packet Storm Security Recent Files
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. This can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
16:27
»
Packet Storm Security Misc. Files
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. This can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
-
-
16:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll browser plugin. The module creates a window hook when an applet is instantiated within the context of a browser. If the underlying DOM element is cloned and the parent object removed, a dangling reference can exist. When the module attempts to walk the relationship list to call the window hook, the process can be made to jump into uninitialized heap memory. This can be exploited by an attacker to execute code under the context of the user running the browser.
-
16:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll browser plugin. The module creates a window hook when an applet is instantiated within the context of a browser. If the underlying DOM element is cloned and the parent object removed, a dangling reference can exist. When the module attempts to walk the relationship list to call the window hook, the process can be made to jump into uninitialized heap memory. This can be exploited by an attacker to execute code under the context of the user running the browser.
-
16:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll browser plugin. The module creates a window hook when an applet is instantiated within the context of a browser. If the underlying DOM element is cloned and the parent object removed, a dangling reference can exist. When the module attempts to walk the relationship list to call the window hook, the process can be made to jump into uninitialized heap memory. This can be exploited by an attacker to execute code under the context of the user running the browser.
-
-
21:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[remote exploits] - RealPlayer 11 Browser (res://ieframe.dll) Remote Arbitrary Code
-
21:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[dos / poc] - Maxthon Browser 3.22.2000 0day BOF/DOS Exploit
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[dos / poc] - Maxthon Browser 3.22.2000 0day BOF/DOS Exploit
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[remote exploits] - RealPlayer 11 Browser (res://ieframe.dll) Remote Arbitrary Code
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[dos / poc] - QtWeb Browser Version: 3.7.2 (latest) Denial of Service
-
-
11:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1049-2 - USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into an inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Various other issues were also addressed.
-
-
8:15
»
Packet Storm Security Advisories
Ubuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
-
-
15:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 997-1 - Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri Gribenko discovered that Firefox did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
-
-
18:02
»
Packet Storm Security Advisories
Ubuntu Security Notice 1006-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Please consult the bug listed at the top of this advisory to get the exact list of CVE numbers fixed for each release.
-
-
14:00
»
Hack a Day
Here’s a watering can and water vortex that are controlled with a webkit browser interface. The interface displays a drawing of the watering can on your browser. If you grab one of the handles on the circle around the image and move it, the can will rotate as well. Okay, so this isn’t going to [...]
-
-
12:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling plugin parameters. Specifically, a long value for the operation parameter can trigger a stack-based buffer overflow. Successful exploitation leads to execution of arbitrary code under the context of the user running the browser process.
-
12:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application does not properly verify the name of parameters passed via <embed> tags. If a malicious attacker provides a long enough value, a destination buffer can be overflowed. Successful exploitation leads to execution of arbitrary code under the context of the user owning the browser process.
-
-
12:03
»
Packet Storm Security Recent Files
Ubuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed.
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Avant Browser Denial of Service
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Flock Browser 2.x.x Denial of Service Exploit
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Lunascape Browser 6.1.6 Denial of Service Exploit
-
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Internet Browser Classic (IBC 0-6-1) DOS Exploit
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Netscape Browser 9.x Denial of Service Exploit
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Acoo Browser 1.98.744 Denial of Service Exploit
-
1:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
TheWorld Browser 3.1.6.8 DOS Exploit
-
-
21:03
»
SecDocs
Authors: Dan Kaminsky
Tags: web application web
Event: Source Conference Boston 2010
Abstract: The web is remarkably difficult to secure. Browsers are ornery, powerful creations, and we security people demand all sorts of things of developers to make them behave. By and large, the developers ignore us. Our asks, they say, are too expensive. Rather than just guilting them, could we make better asks -- of both web developers, and browser manufacturers? Possibly. In this talk, I explore a couple of interesting techniques for easily mitigating entire classes of Cross Site Scripting and Cross Site Request Forgery attacks. They aren't perfect, but they work, and more importantly they represent a new class of ask for browser manufacturers that might even be implementable past the genuinely more powerful forces of application compatibility, performance, and developer compliance. I will also discuss Treelocking, a generic mechanism for mitigating injections into protocols as diverse as SQL, LDAP, XML, and JSON.
-
-
22:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 920-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser.
-
22:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 921-1 - Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. It was discovered that Firefox could be made to access previously freed memory. Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. Wladimir Palant discovered that Firefox did not always perform security checks on XML content.