18 matches found
GraphQL API endpoint ignores CORS origin restriction
Impact The GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This bypasses origin restrictions that operators configure to control which websites can interact with the Parse Server API. The REST API correctly...
EUVD-2014-1775
Malware in sbrugna...
Mozilla Firefox Security Advisory (MFSA2015-115) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
thunderbird: multiple issues
CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...
Mozilla Firefox Cross-Origin Restriction Bypass Vulnerability (Oct 2015) - Mac OS X
Mozilla Firefox is prone to a cross-origin restriction bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:1817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : firefox -- Cross-origin restriction bypass using Fetch (79c68ef7-c8ae-4ade-91b4-4b8221b7c72a)
Firefox Developers report: Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently report...
Apple Patches Keynote, Mozilla Patches Firefox
Apple on Thursday patched a handful of vulnerabilities in several iterations of its Keynote, Pages, Numbers and iWork productivity software. The most serious of the security flaws allow an attacker to execute code on a compromised OS X computer running Yosemite 10.10.4 or later, or iOS 8.4 or lat...
Cross-origin restriction bypass using Fetch — Mozilla
Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Session fixation
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via...
CVE-2014-1701
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via...
CVE-2014-1701
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via...
CVE-2014-1701
The CVE-2014-1701 issue affects Blink in Google Chrome prior to 33.0.1750.149. The root cause is a missing cross-origin restriction in GenerateFunction (bindings/scripts/code_generator_v8.pm) for EventTarget::dispatchEvent, enabling Universal XSS via events. Public references in Debian/openSUSE a...
CVE-2014-1701
Removed by vendor...
Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
Binary data 6961.pasl...
Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
Binary data 801428.prm...
Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.95. It is, therefore, affected by multiple vulnerabilities: - A cross-origin restriction bypass error exists related to HTML frames. (CVE-2013-2881) - A type-confusion error exists in the V8 JavaScript engine...