139 matches found
3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access token was provided in t...
CVE-2016-3703
An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access token was provided in t...
USN-2770-1 oxide-qt vulnerabilities
It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...
Google Chrome Blink 'shouldTreatAsUniqueOrigin' Function Information Disclosure Vulnerability
Google Chrome is an open source web browser. The 'shouldTreatAsUniqueOrigin' function in the platform/weborigin/SecurityOrigin.cpp file in Blink used by Google Chrome fails to ensure that the LocalStorage resources have a unique origin, allowing remote attackers to obtain sensitive information...
chromium-browser: Information leakage in LocalStorage
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...
CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...
Information disclosure
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...
CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...
CVE-2015-6759
Removed by vendor...
UBUNTU-CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...
CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 24 security fixes in this release, including: 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. 529520 High CVE-2015-6757: Use-after-free in ServiceWorker...
Mail.ru: localStorage is not cleared after logout
Steps to reproduce: 1. Go to https://e.mail.ru/login 2. Log in, unchecking the "remember email" checkbox (not required, in principle) 3. After a successful login, click "Log out" 4. After logging out, go to https://e.mail.ru/login again 5. Look at the local storage, localStorage...
Apple Safari 'Webkit' Information Disclosure Vulnerability - Mac OS X
Apple Safari is prone to an information disclosure vulnerability.
Apple Safari 'Webkit' Information Disclosure Vulnerability (APPLE-SA-2013-10-22-2) - Windows
Apple Safari is prone to an information disclosure vulnerability.
CVE-2013-5130
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files...
Design/Logic Flaw
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files...
CVE-2013-5130
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files...
CVE-2013-5130
CVE-2013-5130 affects Apple Safari/WebKit prior to version 6.1 (Windows and Mac OS X platforms). The flaw occurs when the Web Inspector is launched, which disables Private Browsing, allowing context-dependent attackers to potentially obtain browsing information by leveraging LocalStorage/files. T...