511 matches found
Cross site scripting
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...
CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...
CVE-2018-5106
CVE-2018-5106 is a Firefox Developer Tools vulnerability affecting Firefox versions prior to 58. The issue allows a third‑party hosted service worker to leak style editor information when a user with DevTools open clicks error links, enabling cross‑origin data exposure of the editor. Affected pro...
CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...
OPENSUSE-SU-2018:1437-1 Security update for Chromium
This update for Chromium to version 66.0.3359.181 fixes the following issues: - CVE-2018-6118: Use after free in Media Cache bsc1091288 - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use...
FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)
Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...
chromium-browser: Same origin policy bypass in Service Worker
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
chromium-browser: Same origin bypass in Service Worker
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
chromium-browser: CORS bypass in ServiceWorker
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
openSUSE: Security Advisory for chromium (openSUSE-SU-2018:1042-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-6089
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 66 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 66.0.3359.117 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcomin...
CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...
UBUNTU-CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...
CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
DEBIAN-CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
CVE-2016-5259
CVE-2016-5259 : A use-after-free in the Mozilla Firefox function CanonicalizeXPCOMParticipant allows remote code execution via a script that closes its own Service Worker inside a nested sync event loop. Affected: Firefox before 48.0 and Firefox ESR 45.x before 45.3. Impact per sources: arbitrary...
CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
Service worker meeting notes
On July 28th-29th we met up in the Mozilla offices in Toronto to discuss the core service worker spec. I'll try and cover the headlines here. Before I get stuck in to the meaty bits of the meeting, our intent here is to do what's best for developers and the future of the web, so if you disagree...
CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...