#android

Categories: News Tags: security vulnerabilities Tags: cryptocurrency Tags: lock and code Tags: SevenRooms Tags: adult popunder Tags: ad fraud Tags: AV-TEST Tags: Gemini Tags: cryptocurrency Tags: Play ransomware Tags: ransomware Tags: blocking IP addresses Tags: BEC scam Tags: BEC Tags: Bricklink Tags: Lego Tags: Netflix Tags: Disney+ Tags: password sharing Tags: The Guardian Tags: ransomware attack Tags: Godfather malware Tags: Godfather Tags: Android banking malware The most interesting security related news from the week of December 19 to 25. (Read more...) The post A week in security (December 19 - 25) appeared first on Malwarebytes Labs.

F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack.

By Owais Sultan In this article, we'll explore the key features and benefits of Android-based digital signage and how you can take advantage of them. This is a post from HackRead.com Read the original post: Android-Based Digital Signage: Key Features and Benefits

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107.

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105.

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92.

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).