3 matches found
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 3.1.1 through 4.0.1, which stems from a failure to perform cross-domain checks in the HTTP/3 redirect handler, potentially leading to the disclosure of sensitive data...
FreeBSD : opera -- multiple vulnerabilities (aab187d4-e0f3-11df-b1ea-001999392805)
The Opera Desktop Team reports : - Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. - Fixed an issue where manipulating the window could be used to spoof the page address. - Fixed an issue with reloads and redirect...
Cross-domain checks may be bypassed, allowing limited data theft using CSS
CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to make Opera incorrectly treat remote CSS files as if they were CSS files from the document-origin server, allowing the interpreted parts of a remote file to be read b...