[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Aug 19 05:21:02 PDT 2016
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 503 Published: Thu, 18 Aug 2016 22:26:58 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 - CVE-2015-7645
Severity: High
Fixlet ID: 98502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A985
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
***************************************************************
Title: Same origin bypass for images in Blink - CVE-2016-5145
Severity: Medium
Fixlet ID: 98601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A986
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5145
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
***************************************************************
Title: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-5146
Severity: High
Fixlet ID: 98701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A987
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5146
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
***************************************************************
Title: Origin confusion in proxy authentication - CVE-2016-5133
Severity: Medium
Fixlet ID: 98801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A988
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5133
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
***************************************************************
Title: Parameter sanitization failure in DevTools - CVE-2016-5144
Severity: High
Fixlet ID: 98902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A989
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5144
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
***************************************************************
Title: History sniffing with HSTS and CSP - CVE-2016-5137
Severity: Medium
Fixlet ID: 99002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A990
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5137
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
***************************************************************
Title: Content-Security-Policy bypass - CVE-2016-5135
Severity: Medium
Fixlet ID: 99101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A991
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5135
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
***************************************************************
Title: Use after free in extensions - CVE-2016-5136
Severity: Medium
Fixlet ID: 99201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A992
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5136
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
***************************************************************
Title: Limited same-origin bypass in Service Workers - CVE-2016-5132
Severity: Medium
Fixlet ID: 99301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A993
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5132
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
***************************************************************
Title: Parameter sanitization failure in DevTools - CVE-2016-5143
Severity: High
Fixlet ID: 99401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A994
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5143
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
***************************************************************
Title: Use-after-free in libxml - CVE-2016-5131
Severity: Medium
Fixlet ID: 99502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A995
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
***************************************************************
Title: URL leakage via PAC script - CVE-2016-5134
Severity: Medium
Fixlet ID: 99602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A996
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5134
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
***************************************************************
Title: URL spoofing - CVE-2016-5130
Severity: Medium
Fixlet ID: 99701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A997
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5130
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
***************************************************************
Title: Vulnerability in Mozilla Firefox before 44.0 - CVE-2016-1938
Severity: Medium
Fixlet ID: 102502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1025
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1938
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
More information about the WinVulns-Announcements
mailing list