Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2023-33733: Cure53 – Fine penetration tests for fine websites

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

CVE
#xss#vulnerability#web#android#google#js#git#java#php#c++#backdoor#perl#pdf#auth#ruby#chrome
A week in security (May 29 - June 4)

Categories: News Tags: week in security A list of topics we covered in the week of May 29 - June 4 of 2023 (Read more...) The post A week in security (May 29 - June 4) appeared first on Malwarebytes Labs.

Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID

By Habiba Rashid The dark web search feature enables users to scan for their Gmail address on the dark web and receive guidance on online protection. This is a post from HackRead.com Read the original post: Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID

CVE-2023-29551: Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112

Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVE-2023-29550: Security Vulnerabilities fixed in Firefox ESR 102.10

Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

CVE-2023-29543: Invalid Bug ID

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVE-2023-25748: Security Vulnerabilities fixed in Firefox 111

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111.

CVE-2023-23604: Security Vulnerabilities fixed in Firefox 109

A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.

CVE-2023-29533: Invalid Bug ID

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

CVE-2023-29537: Invalid Bug ID

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.