+ Selenium IE Driver Server 2.53.1 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
+ Mozilla Firefox 47.0 released
https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
+ MFSA 2016-61 Network Security Services (NSS) vulnerabilities
https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834
+ MFSA 2016-60 Java applets bypass CSP protections
https://www.mozilla.org/en-US/security/advisories/mfsa2016-60/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2833
+ MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
https://www.mozilla.org/en-US/security/advisories/mfsa2016-59/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2832
+ MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2831
+ MFSA 2016-57 Incorrect icon displayed on permissions notifications
https://www.mozilla.org/en-US/security/advisories/mfsa2016-57/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2829
+ MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2828
+ MFSA 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2826
+ MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI
https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2825
+ MFSA 2016-53 Out-of-bounds write with WebGL shader
https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2824
+ MFSA 2016-52 Addressbar spoofing though the SELECT element
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2822
+ MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2821
+ MFSA 2016-50 Buffer overflow parsing HTML5 fragments
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2819
+ MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2815
+ Wireshark 2.0.4 released
https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html
+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
+ Samba 4.4.4 Available for Download
https://www.samba.org/samba/history/samba-4.4.4.html
+ SA70997 Android Multiple Vulnerabilities
https://secunia.com/advisories/70997/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2496
+ SA70962 Fujitsu Interstage Products Apache Struts Vulnerabilities
https://secunia.com/advisories/70962/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182
+ UPDATE: JVNVU#94410990 Multiple vulnerabilities in NTP.org ntpd, including denial of service (DoS)
http://jvn.jp/vu/JVNVU94410990/index.html
JVNDB-2016-000098 Restriction bypass vulnerability in the extension-based direct access prohibition feature of TERASOLUNA Server Framework for Java(WEB)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000098.html
JVNDB-2016-000097 Vulnerability in the input validation feature of Apache Struts 1
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000097.html
JVNDB-2016-000096 Vulnerability in Apache Struts 1 that allows manipulation of components in memory
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000096.html
Security Incident Response in Practice, Nikkei Computer
[Part 11] Watch out for CMSs in web defacement attacks: six advance measures for early detection
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800011/?ST=security
Mr. Zuckerberg's social media accounts hacked? Twitter, Pinterest and others
http://itpro.nikkeibp.co.jp/atcl/news/16/060701642/?ST=security
JVN#74659077 Restriction bypass vulnerability in the extension-based direct access prohibition feature of TERASOLUNA Server Framework for Java(WEB)
http://jvn.jp/jp/JVN74659077/index.html
UPDATE: JVN#49476817 Buffer overflow vulnerability in DX Library
http://jvn.jp/jp/JVN49476817/index.html