The Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.

iTop version 2.1.0-2127 suffers from a cross site scripting vulnerability.

This Metasploit module allows remote command execution on the w3tw0rk / Pitbul IRC Bot.

Open-Xchange Server 6 version 6.22.9 and AppSuite versions 7.6.2 and below suffer from a cross site scripting vulnerability.

Guard versions 2.0.0-rev7 and below suffer from a remote SQL injection vulnerability.

Slackware Security Advisory – New mozilla-firefox packages are available for Slackware 14.1, and -current to fix security issues.

The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.

Ubuntu Security Notice 2743-1 – Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

Ubuntu Security Notice 2743-2 – USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.