Firefox 81 Release Kills High-Severity Code-Execution Bugs

Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code.

Two severe bugs (CVE-2020-15674 and CVE-2020-15673) are errors in the browser’s memory-safety protections, which prevent memory access issues like buffer overflows. CVE-2020-15674 was reported in Firefox 80, while CVE-2020-15673 was reported in Firefox 80 and Firefox ESR 78.2. Firefox ESR (Extended Support Release) is a Firefox version that’s based on an official release for desktop, for use by organizations who need extended support for mass deployments.

“Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code,” according to a Mozilla Foundation security advisory, released on Tuesday.

#vulnerabilities #web security #buffer error #cve-2020-15673 #cve-2020-15674 #cve-2020-15675 #firefox #firefox 80 #firefox 81 #firefox esr 78.3 #memory safety #mozilla #mozilla foundation #use-after-free #vulnerability #webgl

What is GEEK

Buddha Community

Firefox 81 Release Kills High-Severity Code-Execution Bugs
Grace  Lesch

Grace Lesch

1639778400

PySQL Tutorial: A Database Framework for Python

PySQL 

PySQL is database framework for Python (v3.x) Language, Which is based on Python module mysql.connector, this module can help you to make your code more short and more easier. Before using this framework you must have knowledge about list, tuple, set, dictionary because all codes are designed using it. It's totally free and open source.

Tutorial Video in English (Watch Now)

IMAGE ALT TEXT HERE

Installation

Before we said that this framework is based on mysql.connector so you have to install mysql.connector first on your system. Then you can import pysql and enjoy coding!

python -m pip install mysql-connector-python

After Install mysql.connector successfully create Python file download/install pysql on the same dir where you want to create program. You can clone is using git or npm command, and you can also downlaod manually from repository site.

PyPi Command

Go to https://pypi.org/project/pysql-framework/ or use command

pip install pysql-framework

Git Command

git clone https://github.com/rohit-chouhan/pysql

Npm Command

Go to https://www.npmjs.com/package/pysql or use command

$ npm i pysql

Snippet Extention for VS Code

Install From Here https://marketplace.visualstudio.com/items?itemName=rohit-chouhan.pysql

IMAGE ALT TEXT HERE

Table of contents

Connecting a Server


To connect a database with localhost server or phpmyadmin, use connect method to establish your python with database server.

import pysql

db = pysql.connect(
    "host",
    "username",
    "password"
 )

Create a Database in Server


Creating database in server, to use this method

import pysql

db = pysql.connect(
    "host",
    "username",
    "password"
 )
 pysql.createDb(db,"demo")
 #execute: CREATE DATABASE demo

Drop Database


To drop database use this method .

Syntex Code -

pysql.dropDb([connect_obj,"table_name"])

Example Code -

pysql.dropDb([db,"demo"])
#execute:DROP DATABASE demo

Connecting a Database


To connect a database with localhost server or phpmyadmin, use connect method to establish your python with database server.

import pysql

db = pysql.connect(
    "host",
    "username",
    "password",
    "database"
 )

Creating Table in Database


To create table in database use this method to pass column name as key and data type as value.

Syntex Code -


pysql.createTable([db,"table_name_to_create"],{
    "column_name":"data_type", 
    "column_name":"data_type"
})

Example Code -


pysql.createTable([db,"details"],{
    "id":"int(11) primary", 
     "name":"text", 
    "email":"varchar(50)",
    "address":"varchar(500)"
})

2nd Example Code -

Use can use any Constraint with Data Value


pysql.createTable([db,"details"],{
    "id":"int NOT NULL PRIMARY KEY", 
     "name":"varchar(20) NOT NULL", 
    "email":"varchar(50)",
    "address":"varchar(500)"
})

Drop Table in Database


To drop table in database use this method .

Syntex Code -

pysql.dropTable([connect_obj,"table_name"])

Example Code -

pysql.dropTable([db,"users"])
#execute:DROP TABLE users

Selecting data from Table


For Select data from table, you have to mention the connector object with table name. pass column names in set.

Syntex For All Data (*)-

records = pysql.selectAll([db,"table_name"])
for x in records:
  print(x)

Example - -

records = pysql.selectAll([db,"details"])
for x in records:
  print(x)
#execute: SELECT * FROM details

Syntex For Specific Column-

records = pysql.select([db,"table_name"],{"column","column"})
for x in records:
  print(x)

Example - -

records = pysql.select([db,"details"],{"name","email"})
for x in records:
  print(x)
#execute: SELECT name, email FROM details

Syntex Where and Where Not-

#For Where Column=Data
records = pysql.selectWhere([db,"table_name"],{"column","column"},("column","data"))

#For Where Not Column=Data (use ! with column)
records = pysql.selectWhere([db,"table_name"],{"column","column"},("column!","data"))
for x in records:
  print(x)

Example - -

records = pysql.selectWhere([db,"details"],{"name","email"},("county","india"))
for x in records:
  print(x)
#execute: SELECT name, email FROM details WHERE country='india'

Add New Column to Table


To add column in table, use this method to pass column name as key and data type as value. Note: you can only add one column only one call

Syntex Code -


pysql.addColumn([db,"table_name"],{
    "column_name":"data_type"
})

Example Code -


pysql.addColumn([db,"details"],{
    "email":"varchar(50)"
})
#execute: ALTER TABLE details ADD email varchar(50);

Modify Column to Table


To modify data type of column table, use this method to pass column name as key and data type as value.

Syntex Code -

pysql.modifyColumn([db,"table_name"],{
    "column_name":"new_data_type"
})

Example Code -

pysql.modifyColumn([db,"details"],{
    "email":"text"
})
#execute: ALTER TABLE details MODIFY COLUMN email text;

Drop Column from Table


Note: you can only add one column only one call

Syntex Code -

pysql.dropColumn([db,"table_name"],"column_name")

Example Code -

pysql.dropColumn([db,"details"],"name")
#execute: ALTER TABLE details DROP COLUMN name

Manual Execute Query


To execute manual SQL Query to use this method.

Syntex Code -

pysql.query(connector_object,your_query)

Example Code -

pysql.query(db,"INSERT INTO users (name) VALUES ('Rohit')")

Inserting data


For Inserting data in database, you have to mention the connector object with table name, and data as sets.

Syntex -

data =     {
    "db_column":"Data for Insert",
    "db_column":"Data for Insert"
}
pysql.insert([db,"table_name"],data)

Example Code -

data =     {
    "name":"Komal Sharma",
    "contry":"India"
}
pysql.insert([db,"users"],data)

Updating data


For Update data in database, you have to mention the connector object with table name, and data as tuple.

Syntex For Updating All Data-

data = ("column","data to update")
pysql.updateAll([db,"users"],data)

Example - -

data = ("name","Rohit")
pysql.updateAll([db,"users"],data)
#execute: UPDATE users SET name='Rohit'

Syntex For Updating Data (Where and Where Not)-

data = ("column","data to update")
#For Where Column=Data
where = ("column","data")

#For Where Not Column=Data (use ! with column)
where = ("column!","data")
pysql.update([db,"users"],data,where)

Example -

data = ("name","Rohit")
where = ("id",1)
pysql.update([db,"users"],data,where)
#execute: UPDATE users SET name='Rohit' WHERE id=1

Deleting data


For Delete data in database, you have to mention the connector object with table name.

Syntex For Delete All Data-

pysql.deleteAll([db,"table_name"])

Example - -

pysql.deleteAll([db,"users"])
#execute: DELETE FROM users

Syntex For Deleting Data (Where and Where Not)-

where = ("column","data")

pysql.delete([db,"table_name"],where)

Example -

#For Where Column=Data
where = ("id",1)

#For Where Not Column=Data (use ! with column)
where = ("id!",1)
pysql.delete([db,"users"],where)
#execute: DELETE FROM users WHERE id=1

--- Finish ---

Change Logs

[19/06/2021]
 - ConnectSever() removed and merged to Connect()
 - deleteAll() [Fixed]
 - dropTable() [Added]
 - dropDb() [Added]
 
[20/06/2021]
 - Where Not Docs [Added]

The module is designed by Rohit Chouhan, contact us for any bug report, feature or business inquiry.

Author: rohit-chouhan
Source Code: https://github.com/rohit-chouhan/pysql
License: Apache-2.0 License

#python 

Firefox 81 Release Kills High-Severity Code-Execution Bugs

Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code.

Two severe bugs (CVE-2020-15674 and CVE-2020-15673) are errors in the browser’s memory-safety protections, which prevent memory access issues like buffer overflows. CVE-2020-15674 was reported in Firefox 80, while CVE-2020-15673 was reported in Firefox 80 and Firefox ESR 78.2. Firefox ESR (Extended Support Release) is a Firefox version that’s based on an official release for desktop, for use by organizations who need extended support for mass deployments.

“Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code,” according to a Mozilla Foundation security advisory, released on Tuesday.

#vulnerabilities #web security #buffer error #cve-2020-15673 #cve-2020-15674 #cve-2020-15675 #firefox #firefox 80 #firefox 81 #firefox esr 78.3 #memory safety #mozilla #mozilla foundation #use-after-free #vulnerability #webgl

Carmen  Grimes

Carmen Grimes

1603280160

Coming through with Firefox 82 – Mozilla Hacks

As October ushers in the tail-end of the year, we are pushing Firefox 82 out the door. This time around we finally enable support for the Media Session API, provide some new CSS pseudo-selector behaviours, close some security loopholes involving the Window.name property, and provide inspection for server-sent events in our developer tools.

This blog post provides merely a set of highlights; for all the details, check out the following:

Inspecting server-sent events

Server-sent events allow for an inversion of the traditional client-initiated web request model, with a server sending new data to a web page at any time by pushing messages. In this release we’ve added the ability to inspect server-sent events and their message contents using the Network Monitor.

You can go to the Network Monitor, select the file that is sending the server-sent events, and view the received messages in the Response tab on the right-hand panel.

For more information, check out our Inspecting server-sent events guide.

Web platform updates

Now let’s look at the web platform additions we’ve got in store in 82.

Media Session API

The Media Session API enables two main sets of functionality:

  1. First of all, it provides a way to customize media notifications. It does this by providing metadata for display by the operating system for the media your web app is playing.
  2. Second, it provides event handlers that the browser can use to access platform media keys such as hardware keys found on keyboards, headsets, remote controls, and software keys found in notification areas and on lock screens of mobile devices. So you can seamlessly control web-provided media via your device, even when not looking at the web page.

#developer tools #featured article #firefox #firefox releases #css #firefox #firefox 82 #firefox developer edition #firefox release #web extensions

Debugging Variables With Watchpoints in Firefox 72

The Firefox Devtools team, along with our community of code contributors, have been working hard to pack Firefox 72 full of improvements. This post introduces the watchpoints feature that’s available right now in Firefox Developer Edition! Keep reading to get up to speed on watchpoints and how to use them.

#debugging #developer tools #featured article #firefox #firefox releases #breakpoints #debugger #debugger for firefox #firefox devtools #firefox visual studio code extension #watchpoints

Tyrique  Littel

Tyrique Littel

1604016000

Embold Is Like Autocorrect For Code, Says Vishal Rai, Founder & CEO

In our digital world, software is king. In a world so heavily dependent on software, poor code quality can result in grave consequence, from billions of dollars in lost revenue, to even fatal accidents. Here’s where Embold comes in—a static code analysis product aimed at empowering developers to do their best work.

Embold is a general-purpose static code analyser that has been designed for developers to analyse and improve their code by identifying issues across four dimensions, including design and duplication. We, at Analytics India Magazine, spoke to founder and CEO, Vishal Rai, to understand how Embold can detect anti-patterns in code for seamless integration.

Embold started a decade ago, with the vision of creating a product that can revolutionise the way developers write and design code. According to Vishal Rai, the idea was to develop a tool for software engineers and developers to write code faster and of better quality. And, after a time of extensive research and development, Vishal Rai, along with his partner Sudarshan Bhide launched their product in 2018.


Play

“We have noticed an interesting trend — as teams started becoming bigger, the issues in software started increasing as well and it was very frustrating when you were on programs which weren’t achieving their stated goals because of poor quality,” said Rai. “And that’s where we saw the opportunity of helping companies to write the product as great as Google or Apple and decided to reinvent software analytics.”

Embold — Empowering Developers to Reach Their Highest Potential

Developers always undergo immense pressure of building their products faster at the best quality possible, and such pressure can lead to compromised code quality. This impact of one line of code or one weak link can create significant issues and can massively affect the entire company. And that is why Rai believes that developers need support in being more productive. With Embold, Vishal and Sudharshan brought in a technology that can help developers be more efficient in their work and make the process of software development easy. Explaining the technology, Rai compared it with “autocorrect for code.” He said, “If you look at the legacy tools, they were built for the waterfall model, aka linear-sequential life cycle model, where one release took six months which gave enough time to test the tools. But in the current time, everything is fast, and thus developers require tools that can help them work fast and give them feedback that can be easily implemented in their workflow.” And that’s where Embold’s platform fits into the workflow that helps them find problems and maintain their code.  As a matter of fact, Rai acknowledges that there have been many great tools, already in the market, but all of them have been created for great engineers. However, today, not every engineer is necessarily as experienced as others, and in such cases, it is imperative to make tools that are easy to use and help developers analyse their software. “Embold has been built for the future, the technologies that we have ingrained have neural networks, state-of-the-art in-memory databases and analysers that are far more evolved than legacy tools,” said Rai. “Embold has been created to enable people who aren’t as skilled to write better codes. Not only it fills the skills gap but also brings the new age developers closer to the best developers on the planet.”


#featured #bugs and errors in code #embold a autocorrect for code #embold find bugs and errors in code #embold for developers #embold help developers #embold maintains code quality #embold revolutionise writing code #static code analyser