Monthly Archives: December 2014
Charge Anywhere Has Been Breached For Five Years
Hacker Lexicon: What Is A Backdoor?
Inception Cyber Espionage Tool Stealing Secrets From Government And Military
Android scam: Firms fined over $500,000 for malicious apps’ hidden subscriptions
Three UK firms have been fined over $500,000 for a scam that involved Android apps signing up to a subscription service, and suppressing notifications informing the victim they were being charged, according to The Guardian.
The post Android scam: Firms fined over $500,000 for malicious apps’ hidden subscriptions appeared first on We Live Security.
Mozilla to Support Certificate Transparency in Firefox
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first.
CVE-2014-1587 (firefox, firefox_esr, seamonkey, thunderbird)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1588 (firefox, seamonkey)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1589 (firefox, seamonkey)
Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.
CVE-2014-1590 (firefox, firefox_esr, seamonkey, thunderbird)
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.