Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023
Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – DanaBot Malware Resurfaces with new features
February 13, 2019Rewterz Threat Advisory – CVE-2019-7092 Unspecified Cross Site Scripting Vulnerability
February 13, 2019
Analysis Summary
Mozilla has released security updates to address the following vulnerabilities in Firefox and Firefox ESR.
CVE-2018-18356: Use-after-free in Skia (High Impact) A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
CVE-2019-5785: Integer overflow in Skia (High Impact) An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext (High Impact) Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. (Only affects FireFox 65)
CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D (High Impact) A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR.
Impact
System Crash
System Access
Affected Products
Mozilla Firefox
Mozilla Firefox ESR
Remediation
Update to the following fixed versions:
Firefox 65.0.1
Firefox ESR 60.5.1