#firefox

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the

This python script is a slow brute forcing utility to check passwords against FortiGate appliances. Check the homepage link for more information on how this was used to slowly bypass brute force protections.

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.

DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground.

WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.

Ubuntu Security Notice 6010-2 - USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the mem...