CVE-2023-36829

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

How your Opera browser keeps you safe from spyware and other cyber threats

Privacy, Security How your Opera browser keeps you safe from spyware and other cyber threats Share August 11th, 2023 Hi everyone! In our digital age, your online security is often under threat. From phishing scams to spyware and direct hacking attempts, your personal data is often in the crosshai...

Sentry CORS misconfiguration

Impact The Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry installation. This only affects installations that have system.base-hostname option explicitly set, as it is empty by...

Debunking misinformation about Opera’s browsers

Privacy, Security Debunking misinformation about Opera’s browsers Share July 6th, 2023 At Opera, we take the privacy and security of our users very seriously. As a European company, we have to be compliant with the GDPR – one of the strongest, if not the strongest, data protection frameworks in t...

Security Vulnerabilities fixed in Firefox 115 — Mozilla

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. An attacker could have triggered a use-after-free...

GHSA-77MV-4RG7-R8QV Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

The nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cookies being inadvertently exposed to such services that should not see them. The patched...

Fedora 28 : qutebrowser (2018-61dbd4a787)

This update fix CVE-2018-10895 0 and a few minor bugs. 0 : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code. ---- This version fix...

Code injection

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie...

CVE-2012-0640

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie...

CVE-2012-0640

CVE-2012-0640 concerns WebKit in Apple Safari prior to 5.1.4. The issue is that the browser does not properly implement the policy to block cookies from third parties and advertisers, allowing remote web servers to track users via cookies. The vulnerability is rooted in how Safari handles cross-s...

Privacy (Cookie Blocking)

The Privacy tab contains settings for cookies. Cookies are text files placed on your computer by various sites that you visit either directly first-party or indirectly third-party through ad banners, for example. A cookie can contain any data that a site wishes to store. It is often used to track...

Apple Safari finally gets a malware blocker

After years of lagging behind on important security features, Apple has finally added a malware-blocker, a phishing filter and support for EV extended validation certificates into the latest refresh of its Safari Web browser. The malware roadblock headlines a list of Safari 4 security features th...