5743 matches found

RedhatCVE
added 2016/06/08 8:18 a.m., 27 views

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes...

4.3 CVSS, 6.4 AI score, 0.01491 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2016/06/08 12:0 a.m., 29 views

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes...

4.3 CVSS, 6.8 AI score, 0.01491 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2016/06/08 12:0 a.m., 46 views

FreeBSD : mozilla -- multiple vulnerabilities (8065d37b-8e7c-4707-a608-1b0a2b8509c3)

Mozilla Foundation reports : MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...

8.8 CVSS, 7.3 AI score, 0.24039 EPSS
Exploits: 7, References: 22

OSV
added 2016/06/08 12:0 a.m., 1 view

UBUNTU-CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes...

4.3 CVSS, 6.7 AI score, 0.01491 EPSS
Exploits: 0, References: 4

Mozilla
added 2016/06/07 12:0 a.m., 49 views

Information disclosure of disabled plugins through CSS pseudo-classes — Mozilla

Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system,...

4.3 CVSS, 6.1 AI score, 0.01491 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2016/06/05 11:59 p.m., 19 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3 CVSS, 6 AI score, 0.01127 EPSS
Exploits: 0, References: 12

CVE
added 2016/06/05 11:0 p.m., 87 views

CVE-2016-1692

CVE-2016-1692 concerns WebKit/Blink: StyleSheetContents.cpp in Blink, used by Google Chrome prior to 51.0.2704.63, allows a ServiceWorker to cause cross-origin loading of CSS stylesheets even when the stylesheet has an incorrect MIME type. This enables bypassing the Same Origin Policy via a craft...

5.3 CVSS, 5.9 AI score, 0.01127 EPSS
Exploits: 0, References: 12, Affected Software: 8

Debian CVE
added 2016/06/05 11:0 p.m., 20 views

CVE-2016-1692

Removed by vendor...

5.3 CVSS, 7.6 AI score, 0.01127 EPSS
Exploits: 0

Fedora
added 2016/06/05 2:58 a.m., 28 views

[SECURITY] Fedora 23 Update: roundcubemail-1.2.0-1.fc23

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

0.2 AI score
Exploits: 0

RedHat Linux
added 2016/06/01 10:50 a.m., 4 views

chromium-browser: limited cross-origin bypass in serviceworker

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3 CVSS, 7.4 AI score, 0.01127 EPSS
Exploits: 0, References: 5

Kitploit
added 2016/05/31 11:30 p.m., 22 views

BurpSuiteJSBeautifier - Burp Suite JavaScript Beautifier

Most of the websites compress their resources such as JS files in order to increase the loading speed. However, security testing and debugging a compressed resource is not an easy task. This is a Burp Suite open source extension which makes it possible to beautify most of the resources properly...

7 AI score
Exploits: 0, References: 1

UbuntuCve
added 2016/05/31 12:0 a.m., 19 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3 CVSS, 6.9 AI score, 0.01127 EPSS
Exploits: 0, References: 3

OSV
added 2016/05/31 12:0 a.m., 4 views

UBUNTU-CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3 CVSS, 7.3 AI score, 0.01127 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2016/05/26 10:50 a.m., 23 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3 CVSS, 4.9 AI score, 0.01127 EPSS
Exploits: 0, References: 2

Kaspersky
added 2016/05/25 12:0 a.m., 50 views

KLA10816 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information or conduct another unknown impact. Below is a complete list of vulnerabilities: 1. Multiple...

8.8 CVSS, 8.8 AI score, 0.03094 EPSS
Exploits: 4, References: 3

myhack58
added 2016/05/22 12:0 a.m., 19 views

CJExploiter: a tool for exploiting clickjacking vulnerabilities with drag-and-drop support - vulnerability warning - the black bar safety net

CJExploiter is an auxiliary tool for exploiting Clickjacking vulnerabilities that supports drag-and-drop. First, open "index.html" locally in a browser, enter the target URL and click "View Site". You can customize the JS, and finally click "Exploit it" to get the POC. !...

1.6 AI score
Exploits: 0

OpenVAS
added 2016/05/20 12:0 a.m., 14 views

TYPO3 Multiple Vulnerabilities-02 (May 2016)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...

7.3 AI score
Exploits: 0, References: 3

Patchstack
added 2016/05/06 12:0 a.m., 9 views

WordPress Safe Editor Plugin <= 1.1 - Multiple Vulnerabilities

This plugin is prone to an unauthenticated CSS and JS injection. The attackers can inject whatever they want when "wpfooter" and "wphead" is called, because "sesave" function is not sanitized. Solution: Update the plugin...

3.9 AI score
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2016/05/06 12:0 a.m., 18 views

safe-editor <= 1.1 - Unauthenticated CSS/JS-injection

When saving JS/CSS in this plugin then both private and public ajax-hooks are being used. Because of this anyone can post JS/CSS that are saved to the db and printed to the head and footer portion of the page. PoC: In the file "index.php" in root folder on line 188 and 189 you can see that both...

4.3 CVSS, 6.5 AI score, 0.01506 EPSS
Exploits: 2, References: 1, Affected Software: 1

Fedora
added 2016/04/30 11:54 p.m., 44 views

[SECURITY] Fedora 23 Update: roundcubemail-1.1.5-1.fc23

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

8.8 CVSS, 0.2 AI score, 0.02891 EPSS
Exploits: 1