BugTraq Mode:
(Page 6 of 1626)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de) (2 replies)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> W^X applies to memory protection, completely irrelevant here.

I recommend to revisit elementary school and start to learn reading!

http://seclists.org/bugtraq/2015/Aug/8

| JFTR: current software separates code from data in virtual memory and
| uses

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Reindl Harald (h reindl thelounge net)
RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Steve Friedl (steve unixwiz net) (1 replies)
RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Frank Waarsenburg (fwaarsenburg ram-it nl) (1 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Jakob Holderbaum (hi jakob io)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> This makes no sense.

Right. "W^X" obviously doesn't make sense to YOU.

> Administrator can write everywhere and users can write their own
> directories. There is no privilege escalation here, no security
> boundary being crossed.

Who wrote anything about

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> If it can only be written by your own user, what would be the
> security boundary being crossed here?

Please read AGAIN what I already wrote!

| The security boundary created by privilege separation

ie. Administrator/root vs. "user"

| and installation of

FreeBSD Security Advisory FreeBSD-SA-15:19.routed 2015-08-05
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:19.routed Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch 2015-08-05
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:18.bsdpatch Security Advisory
The FreeBSD Project

Topic:

Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows 2015-08-05
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the just released latest version 5.0.0.5 of LibreOffice.org for Windows
distributes (once again) a completely outdated and vulnerable MSVC++
runtime.

The installer package LibreOffice_5.0.0_Win_x86.msi contains the files

msvcp80.dll 8.0.50727.42
msvcr80.dll 8.0.50727.42
Micros

[security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information 2015-08-05
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04760669

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04760669
Version: 1

HPSBUX03388 S

Re: [FD] Mozilla extensions: a security nightmare 2015-08-05
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> %APPDATA% is within the user's home directory - by default it should
> not be writeable by other users.

Did I mention OTHER users?
Clearly not, so your "argument" is moot.

> If this is the case then the problem is one of bad file permissions,
> not the lo

Re: [FD] Mozilla extensions: a security nightmare 2015-08-05
Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-05
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Reindl Harald (h reindl thelounge net) (2 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Christoph Gruber (list guru at) (2 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Andrew Deck (andrew hastings deck gmail com)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Reindl Harald (h reindl thelounge net)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Bruce A. Peters (bpeters se-kure com)
SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network 2015-08-05
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20150805-0 >
=======================================================================
title: Stack buffer overflow in handle_debug_network
product: Websense Triton Content Manage

[SECURITY] [DSA 3328-2] wordpress regression update 2015-08-04
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3328-2 security (at) debian (dot) org
https://www.debian.org/security/ Thijs Kinkhorst
August 04, 2015

Mozilla extensions: a security nightmare 2015-08-04
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Mozilla Thunderbird 38 and newer installs and activates per default
the 'Lightning' extension.

Since extensions live in the (Firefox and) Thunderbird profiles
(which are stored beneath %APPDATA% in Windows) and 'Lightning' comes
(at least for Windows) with a DLL and some Javascript, Thunde

[SECURITY] [DSA 3328-1] wordpress security update 2015-08-04
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3328-1 security (at) debian (dot) org
https://www.debian.org/security/ Thijs Kinkhorst
August 04, 2015

[SECURITY] [DSA 3327-1] squid3 security update 2015-08-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3327-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 03, 2015

[SECURITY] [DSA 3326-1] ghostscript security update 2015-08-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3326-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 02, 2015

[SECURITY] [DSA 3325-1] apache2 security update 2015-08-01
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3325-1 security (at) debian (dot) org
https://www.debian.org/security/ Stefan Fritsch
August 01, 2015

[SECURITY] [DSA 3324-1] icedove security update 2015-08-01
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3324-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
August 01, 2015

[SECURITY] [DSA 3323-1] icu security update 2015-08-01
Laszlo Boszormenyi (gcs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3323-1 security (at) debian (dot) org
https://www.debian.org/security/ Laszlo Boszormenyi
August 01, 2015

Multiple XSS vulnerabilities in FortiSandbox WebUI 2015-08-01
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt

Vendor:
================================
www.fortinet.com
PSIRT ID: 1418018

Product:
==================================
FortiSandbox 3000

[SECURITY] [DSA 3322-1] ruby-rack security update 2015-07-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3322-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 31, 2015

Copyright 2010, SecurityFocus