January 2016

[CVE-2016-1941] Delay following click events in file download dialog too short on OS X

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 44

Description: Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific

[CVE-2016-1943] Location Bar Spoofing Risk – scrollto leads to that the location bar is hidden

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: High
Products: Firefox
Fixed in: Firefox 44

Description: Security researcher Jordi Chancel reported two issues involving addressbar spoofing. The first of these is a "high" rated security issue on Firefox for Android involving the scrollTo() method to scroll a page. In this attack, scrollTo() is used to

[CVE-2016-1942] Location bar continues displaying wyciwyg URI and resource URI if user tries to navigate to it manually

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 44

Description: Security researcher Jordi Chancel reported two issues involving addressbar spoofing. The second flaw is a "low" rated security issue affecting Desktop Firefox. In this attack, when a URL which is invalid for an internal protocol is pasted