Monthly Archive: April 2019

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. Date published :...

Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Date published : 2019-04-26 https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message...

A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable...

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox <...

The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of...

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren’t covered by the signature. The flaw...

XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. Date published : 2019-04-26 http://www.cinquino.eu/ProFiles%201.5%20Free%20Version%20Component%20Xss.htm

Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. Date published : 2019-04-26 https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-0e9aa589be0cec73df5f154aa40f5b06 https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-22d0b3c0987a60483473990fc07f1886

Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. Date published : 2019-04-26 https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-72e9a967d5cebb96734e6f6984091e66 https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-737f14a5f5bdad53c5ce9b3ec628bf6d

Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. Date published : 2019-04-26 https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4280d95d6643b5d9673962736ada210b

Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. Date published : 2019-04-26 https://github.com/gnuboard/gnuboard5/commit/b1fc952c7600b825c4b02e2789ddafdea18c8d13#diff-4182a3e8b74f6eb325c45862f8f26e76

Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1,...

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1....