3797 matches found
UBUNTU-CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...
CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...
CVE-2016-5162
The CVE-2016-5162 entry describes a Chrome vulnerability in the AllowCrossRendererResourceLoad function (extensions/browser/url_request_util.cc) where the web_accessible_resources manifest field was not correctly restricting IFRAME usage. Affects Google Chrome prior to 53.0.2785.89 (Windows/OS X)...
CVE-2016-5160
The CVE-2016-5160 entry concerns Google Chrome/Chromium where the AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc does not properly enforce a manifest.json web_accessible_resources restriction on IFRAMEs, enabling clickjacking schemes and user setting changes via...
CVE-2016-5160
Removed by vendor...
CVE-2016-5162
Removed by vendor...
Legal Robot: clickjacking at http://mailboxes.legalrobot-uat.com/
Clickjack test Website is vulnerable to clickjacking!...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...
CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...
Legal Robot: UI Redressing ( ClickJacking ) Issue on Information submit form
I found that there is a form for submitting user information for applying for the Beta Program. But this has NO protection against the clickjacking issue & also this form needs the following inputs that can be somewhat useful for an attacker. Information like: Name: Email: Company Following is HTML code i...
SAP Utility Customer E-Services Clickjacking Vulnerability
SAP Utility Customer E-Services is a J2EE-based Web application. A clickjacking vulnerability exists in SAP Utility Customer E-Services, which could be exploited by an attacker to compromise an affected application or gain access to sensitive information...
Legal Robot: Clickjacking: X-Frame-Options header missing
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their...
IBM Financial Transaction Manager Clickjacking Vulnerability
IBM Financial Transaction Manager (FTM) is a financial transaction manager from IBM Corporation in the United States that is used to monitor, track and report on financial payments and transactions. A clickjacking vulnerability exists in IBM Financial Transaction Manager (FTM) versions 3.0.0.0 throug...
IBM Jazz Reporting Service Clickjacking Vulnerability
IBM Jazz Reporting Service (JRS) is a suite of IBM USA applications for discovering cross-project reports that can be used in integration with IBM Rational CLM's Rational solution for managing all lifecycles of a development project. CLM users can access reports provided by JRS in dashboards,...
Cybozu Mailwise Clickjacking Vulnerability
Cybozu Mailwise is a Web-based e-mail system from Cybozu. A clickjacking vulnerability exists in Cybozu Mailwise versions 5.0.0 through 5.3.2. An attacker could exploit this vulnerability to compromise an affected application and obtain sensitive information...
Cybozu Mailwise contains issue in preventing clickjacking attacks
Overview Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...
JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks
Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...
openSUSE Security Update : hawk2 (openSUSE-2016-971)
This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' bsc984619 The following non-security issue was fixed: - In the Wizards UI, prevent text display issues...
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2016:2028-1)
The remote host is missing an update for the...
Security update for hawk2 (important)
This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' bsc984619 The following non-security issue was fixed: - In the Wizards UI, prevent text display issues du...