(Dec 10) It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed a user to be fingerprinted across multiple sessions via IndexedDB.
(Dec 10) Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For the oldstable distribution (jessie), these problems have been fixed
(Dec 8) It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution if a user is tricked into processing a specially crafted cursor file.
(Dec 8) Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.
(Dec 9) It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of service or the execution of arbitrary code.
(Dec 8) It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys. For the oldstable distribution (jessie), this problem has been fixed
(Dec 7) George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.
(Dec 7) Michael Eder and Thomas Kittel discovered that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of
(Dec 3) Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system. For the oldstable distribution (jessie), these problems have been fixed
(Nov 30) Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: