#firefox

Categories: Threat Intelligence Tags: malvertising Tags: weebly Tags: google Tags: ads Tags: seniors Tags: recipe Tags: tech support Tags: scam Scammers are buying ads on for the most common Google searches made by seniors and defrauding them with tech support scams. (Read more...) The post Massive malvertising campaign targets seniors via fake Weebly sites appeared first on Malwarebytes Labs.

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

Ubuntu Security Notice 6010-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks.

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Adobe Tags: Cisco Tags: SAP Tags: Mozilla Tags: CVE-2023-28252 Tags: CVE-2023-28231 Tags: CVE-2023-21554 Tags: Word Tags: Publisher Tags: Office One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month's Patch Tuesday updates. (Read more...) The post Update now! April’s Patch Tuesday includes a fix for one zero-day appeared first on Malwarebytes Labs.

It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.

X2CRM versions 6.6 and 6.9 suffer from multiple cross site scripting vulnerabilities.

Palo Alto Cortex XSOAR version 6.5.0 suffers from a persistent cross site scripting vulnerability.

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 31 and April 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key