Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during “Add to home screen” bookmarking.
Monthly Archives: January 2016
CVE-2015-8512
The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses.
CVE-2015-8511
Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
BSidesLjubljana 2016 Call For Papers
B-Sides Ljubljana will be held March 9th, 2016 in Ljubljana, Slovenia.
DSA-3438 xscreensaver – security update
It was discovered that unplugging one of the monitors in a multi-monitor
setup can cause xscreensaver to crash. Someone with physical access to
a machine could use this problem to bypass a locked session.
DSA-3437 gnutls26 – security update
Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
the TLS 1.2 protocol which could allow the MD5 hash function to be used
for signing ServerKeyExchange and Client Authentication packets during a
TLS handshake. A man-in-the-middle attacker could exploit this flaw to
conduct collision attacks to impersonate a TLS server or an
authenticated TLS client.
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
Posted by Stefan Kanthak on Jan 08
Hi @ll,
EmsisoftAntiMalwareSetup.exe as well as
EmsisoftAntiMalwareXPSetup.exe, EmsisoftEmergencyKit.exe and
EmsisoftHiJackFreeSetup.exe load and execute UXTheme.dll (plus
other DLLs like RichEd20.dll and RichEd32.dll) eventually found
in the directory they are started from (the “application directory”).
For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory:…
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
Posted by Stefan Kanthak on Jan 08
Hi @ll,
the executable installers ZASPSetupWeb_141_011_000.exe and
zafwSetupWeb_141_011_000.exe load and execute (at least)
UXTheme.dll, WindowsCodecs.dll and ProfAPI.dll from their
“application directory”.
For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,…
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
Posted by Stefan Kanthak on Jan 08
Hi @ll,
the executable installers “TrueCrypt Setup 7.1a.exe” and
TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll,
NTMarta.dll and SRClient.dll from their “application directory”.
For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,
<…
MobaXTerm before version 8.5 vulnerability in "jump host" functionality
Posted by Thomas Bleier on Jan 08
== Description ==
MobaXTerm (http://www.mobatek.net/), a Windows SSH/RDP/VNC/etc. client, includes
a functionality to open remote sessions via a so-called “jump host” or “SSH
gateway”. In the end this creates a “SSH Port Forward” by binding a local port on
the machine running MobaXTerm to forward all traffic to the specified destination
host via the jump host through a SSH tunnel (-L option in OpenSSH), and that…