Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2023-41447: CVE-2023-41447

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.

CVE
#xss#vulnerability#windows#js#java#php#firefox
CVE-2023-41448: CVE-2023-41448

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.

Fake Bitwarden Password Manager Website Drops Windows ZenRAT

By Deeba Ahmed If you’ve installed Bitwarden Password Manager recently, ensure that you downloaded it from its official website and not… This is a post from HackRead.com Read the original post: Fake Bitwarden Password Manager Website Drops Windows ZenRAT

CVE-2023-5176: Security Vulnerabilities fixed in Firefox 118

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5171: Invalid Bug ID

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5168: Invalid Bug ID

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of

LogoBee CMS 0.2 Cross Site Scripting

LogoBee CMS version 0.2 suffers from a cross site scripting vulnerability.

Lamano LMS 0.1 Insecure Settings

Lamano LMS version 0.1 suffers from an ignored default credential vulnerability.