4 matches found
CVE-2017-2493
CVE-2017-2493 corresponds to a WebKit/Safari vulnerability where loading an HTMLObjectElement could bypass Same Origin Policy via crafted objects and JavaScript URLs, enabling potential cross-origin information leakage. The Seebug writeup provides a PoC and notes SOP checks in HTMLPlugInImageElem...
WebKit: UXSS through HTMLObjectElement::updateWidget(CVE-2017-2493)
When an object element loads a JavaScript URLe.g., javascript:alert1, it checks whether it violate the Same Origin Policy or not. Here's some snippets of the logic. void HTMLObjectElement::updateWidgetCreatePlugins createPlugins ... String url = this-url; ... if !allowedToLoadFrameURLurl return;...
WebKit HTMLObjectElement::updateWidget Universal XSS
WebKit: UXSS through HTMLObjectElement::updateWidget CVE-2017-2493 When an object element loads a JavaScript URLe.g., javascript:alert1, it checks whether it violate the Same Origin Policy or not. Here's some snippets of the logic. void HTMLObjectElement::updateWidgetCreatePlugins createPlugins...
About the security content of iCloud for Windows 6.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...