Lucene search
+L

511 matches found

prion
prion
added 2018/06/11 9:29 p.m.24 views

Cross site scripting

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

5CVSS6.1AI score0.01288EPSS
Exploits0References5Affected Software2
cvelist
cvelist
added 2018/06/11 9:0 p.m.25 views

CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

6.2AI score0.01288EPSS
Exploits0References5
cve
cve
added 2018/06/11 9:0 p.m.133 views

CVE-2018-5106

CVE-2018-5106 is a Firefox Developer Tools vulnerability affecting Firefox versions prior to 58. The issue allows a third‑party hosted service worker to leak style editor information when a user with DevTools open clicks error links, enabling cross‑origin data exposure of the editor. Affected pro...

5.3CVSS6AI score0.01288EPSS
Exploits0References5Affected Software1
debiancve
debiancve
added 2018/06/11 9:0 p.m.32 views

CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

5.3CVSS7.4AI score0.01288EPSS
Exploits0
osv
osv
added 2018/05/27 11:26 a.m.9 views

OPENSUSE-SU-2018:1437-1 Security update for Chromium

This update for Chromium to version 66.0.3359.181 fixes the following issues: - CVE-2018-6118: Use after free in Media Cache bsc1091288 - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use...

10CVSS7.2AI score0.60304EPSS
Exploits10References72
nessus
nessus
added 2018/04/25 12:0 a.m.32 views

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...

8.8CVSS7AI score0.09186EPSS
Exploits4References36
redhat
redhat
added 2018/04/23 12:36 p.m.5 views

chromium-browser: Same origin policy bypass in Service Worker

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01597EPSS
Exploits0References5
redhat
redhat
added 2018/04/23 12:36 p.m.6 views

chromium-browser: Same origin bypass in Service Worker

Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01597EPSS
Exploits0References5
redhat
redhat
added 2018/04/23 12:36 p.m.5 views

chromium-browser: CORS bypass in ServiceWorker

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01597EPSS
Exploits0References5
openvas
openvas
added 2018/04/21 12:0 a.m.37 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2018:1042-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS6.6AI score0.09186EPSS
Exploits3References2
redhatcve
redhatcve
added 2018/04/18 9:20 a.m.31 views

CVE-2018-6089

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

8.8CVSS4.7AI score0.01597EPSS
Exploits0References2
chrome
chrome
added 2018/04/17 12:0 a.m.33 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 66 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 66.0.3359.117 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcomin...

9.6CVSS8.1AI score0.09186EPSS
Exploits4Affected Software1
ubuntucve
ubuntucve
added 2018/01/23 12:0 a.m.22 views

CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

5.3CVSS6.8AI score0.01288EPSS
Exploits0References3
osv
osv
added 2018/01/23 12:0 a.m.3 views

UBUNTU-CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

5.3CVSS6.8AI score0.01288EPSS
Exploits0References4
nvd
nvd
added 2016/08/05 1:59 a.m.15 views

CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

8.8CVSS9.4AI score0.03259EPSS
Exploits1References11
osv
osv
added 2016/08/05 1:59 a.m.4 views

DEBIAN-CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

8.8CVSS9AI score0.03259EPSS
Exploits1References1
cve
cve
added 2016/08/05 1:0 a.m.153 views

CVE-2016-5259

CVE-2016-5259 : A use-after-free in the Mozilla Firefox function CanonicalizeXPCOMParticipant allows remote code execution via a script that closes its own Service Worker inside a nested sync event loop. Affected: Firefox before 48.0 and Firefox ESR 45.x before 45.3. Impact per sources: arbitrary...

8.8CVSS9.2AI score0.03259EPSS
Exploits1References11Affected Software1
cvelist
cvelist
added 2016/08/05 1:0 a.m.22 views

CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

9.3AI score0.03259EPSS
Exploits1References11
jakearchibald
jakearchibald
added 2016/08/04 8:57 a.m.11 views

Service worker meeting notes

On July 28th-29th we met up in the Mozilla offices in Toronto to discuss the core service worker spec. I'll try and cover the headlines here. Before I get stuck in to the meaty bits of the meeting, our intent here is to do what's best for developers and the future of the web, so if you disagree...

6.4AI score
Exploits0
redhatcve
redhatcve
added 2016/08/03 4:48 a.m.28 views

CVE-2016-5259

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...

8.8CVSS6.7AI score0.03259EPSS
Exploits1References2
Rows per page
Query Builder