chromium-browser: Cross-origin bypass in DOM
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768...
CVE-2007-5653
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...
Google Chrome DOM Homology Bypass Vulnerability
Google Chrome is a web-based browser. A vulnerability in the Google Chrome Blink implementation allows remote attackers to construct malicious web pages that users can be tricked into parsing, which can bypass the same-origin policy and execute special script code...
chromium-browser: Cross-origin bypass in DOM
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code on the client side
The vulnerability of the CSPService::ShouldLoad function in Firefox browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the client side by manipulating the DOM objects...
The vulnerability of the Thunderbird email client, allowing a hacker to execute arbitrary code on the client side
The vulnerability of the CSPService::ShouldLoad function in the Thunderbird email client is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the client side by manipulating the DOM objects...
The vulnerability of the Firefox ESR browser allows a hacker to execute arbitrary code on the client side.
The vulnerability of the CSPService::ShouldLoad function in Firefox ESR browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the client side by manipulating the DOM objects...
Firefox 39 Out With Patches for Four Critical Vulnerabilities
Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs. In all, Firefox 39 patches 13 vulnerabilities, including two high-risk bugs and six moderate-level ones. The most dangerous...
Use-after-free in Content Policy due to microtask execution error — Mozilla
Security researcher Herre reported a use-after-free vulnerability when a Content Policy modifies the Document Object Model to remove a DOM object, which is then used afterwards due to an error in microtask implementation. This leads to an exploitable crash...
php: missing null byte checks for paths in DOM and GD extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
UBUNTU-CVE-2015-4598
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function...
Multiple Cisco Products Cross-Site Scripting Vulnerabilities
Cisco AnyConnect Secure Mobility Client is a mobile client VPN tool. Cisco HostScan Engine is a host scanning engine. Cisco AnyConnect Secure Mobility Client and Cisco Host Scan fail to properly validate URLs used to construct applet paths in the DOM, allowing attackers to conduct cross-site...
chromium-browser: use-after-free in DOM
Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper...
USN-2476-1 oxide-qt vulnerabilities
Several memory corruption bugs were discovered in ICU. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process...
Unspecified Vulnerability in Oracle Siebel Core - Server BizLogic Script Component
Oracle Siebel is a customer relationship management software. A security vulnerability in the Oracle Siebel Core - Server BizLogic Script component Integration - COM child allows remote attackers to exploit the vulnerability to compromise system integrity...
chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other...
More Details About CVE-2014-4073 Elevation of Privilege Vulnerability
Today Microsoft shipped MS14-057 to the .NET Framework in order to resolve an Elevation of Privilege vulnerability in the ClickOnce deployment service. While this update fixes this service, developers using Managed Distributed Component Object Model (a .NET wrapped around DCOM) need to take immedia...
Debian DSA-3039-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. - CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...
Mozilla Suite And Firefox DOM Property Overrides Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13645/info Mozilla Suite and Mozilla Firefox are affected by a code-execution vulnerability. This issue is due to a failure in the application to properly verify Document Object Model (DOM) property values. An attacker may...
MS Internet Explorer 5/6 Unauthorized Document Object Model Access Vulnerability
No description provided by source...