The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. Exploitation of the vulnerability may allow an attacker to read and steal sensitive local files on the victim’s computer.
Available updates include:
Firefox 39.0.3
Firefox ESR 38.1.1
US-CERT encourages users and administrators to review the Security Advisory for Firefox and Firefox ESR and apply the necessary updates.
LAS VEGAS–Export controls have become a dirty phrase in the security community, especially among researchers, pen testers, and others who rely on vulnerability information and exploits to do their jobs. And if the Wassenaar Arrangement rules proposed by the United States aren’t modified significantly before they’re implemented, dark days may lie ahead for the research […]
FreeBSD Security Advisory – Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands.
We discovered a new attack vector against memory deduplication in
Virtual Machine Monitors (VMM) where attackers can effectively leak
randomized base addresses of libraries and executables in processes
of neighboring Virtual Machines (VM).
FreeBSD Security Advisory – The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.