CVE-2016-6373
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.
Source: CVE-2016-6373
[월:] 2016년 09월
CVE-2016-5284 (firefox, firefox_esr)
CVE-2016-5284 (firefox, firefox_esr)
Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
CVE-2016-5283 (firefox)
CVE-2016-5283 (firefox)
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
Source: CVE-2016-5283 (firefox)
CVE-2016-5284
CVE-2016-5284
Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
Source: CVE-2016-5284
CVE-2016-5283
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
Source: CVE-2016-5283
CVE-2016-5282 (firefox)
CVE-2016-5282 (firefox)
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Source: CVE-2016-5282 (firefox)
CVE-2016-5282
CVE-2016-5282
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Source: CVE-2016-5282
CVE-2016-5281 (firefox, firefox_esr)
CVE-2016-5281 (firefox, firefox_esr)
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
CVE-2016-5281
CVE-2016-5281
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
Source: CVE-2016-5281
CVE-2016-5280 (firefox, firefox_esr)
CVE-2016-5280 (firefox, firefox_esr)
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.