Wednesday, February 25, 2015

Wednesday the 25th, Senshō

+ RHSA-2015:0265 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-0265.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836

+ RHSA-2015:0265 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2015:0265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836

+ Mozilla Firefox 36.0 released
https://www.mozilla.org/en-US/firefox/36.0/releasenotes/

+ MFSA-2015-27 Caja Compiler JavaScript sandbox bypass
https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820

+ MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819

+ MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821

+ MFSA-2015-24 Reading of local files through manipulation of form autocomplete
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822

+ MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823

+ MFSA-2015-22 Crash using DrawTarget in Cairo graphics library
https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824

+ MFSA-2015-21 Buffer underflow during MP3 playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825

+ MFSA-2015-20 Buffer overflow during CSS restyling
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826

+ MFSA-2015-19 Out-of-bounds read and write while rendering SVG content
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827

+ MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828

+ MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829

+ MFSA-2015-16 Use-after-free in IndexedDB
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831

+ MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834

+ MFSA-2015-14 Malicious WebGL content crash when writing strings
https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830

+ MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832

+ MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833

+ MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835

+ Mozilla Thunderbird 31.5.0 released
https://www.mozilla.org/en-US/thunderbird/31.5.0/releasenotes/

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ UPDATE: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6

+ Samba 4.1.17, 4.0.25 and 3.6.25 Security Releases Available for Download
https://www.samba.org/samba/latest_news.html#4.1.17
https://www.samba.org/samba/history/samba-4.1.17.html

+ DoS/PoC: PHP 5.6.5 DateTime Use-After-Free
http://cxsecurity.com/issue/WLB-2015020121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273

+ DoS/PoC: PHP 5.6.5 DateTimeZone Type Confusion Infoleak
http://cxsecurity.com/issue/WLB-2015020120

+ SA63051 Samba RPC Netlogon Handling Code Execution Vulnerability
http://secunia.com/advisories/63051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240

+ Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240

JVNDB-2015-000023 Directory traversal vulnerability in Speed Software's Root Explorer and Explorer
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000023.html

News & Trend
The Olympic sales race has finally begun: vendors move with an eye on investment in surveillance camera systems
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/022200175/?ST=security

Superfish preinstalled by Lenovo is detected as a "virus" by security vendors
http://itpro.nikkeibp.co.jp/atcl/news/15/022400674/?ST=security

Not just "Superfish": a string of dangerous software that invites SSL eavesdropping
http://itpro.nikkeibp.co.jp/atcl/news/15/022400668/?ST=security

JVNVU#91326102 Improper SSL server certificate validation vulnerability in Adtrustmedia PrivDog
http://jvn.jp/vu/JVNVU91326102/

JVN#42768331 Directory traversal vulnerability in Speed Software's Root Explorer and Explorer
http://jvn.jp/jp/JVN42768331/

JVNTA#91476059 HTTPS spoofing vulnerability on Lenovo PCs with Superfish installed
http://jvn.jp/ta/JVNTA91476059/

JVNVU#92865923 Komodia Redirector installs a root CA certificate and private key
http://jvn.jp/vu/JVNVU92865923/

REMOTE: HP Client Automation Command Injection
http://www.exploit-db.com/exploits/36169
