12 matches found
openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)
This update for webkit2gtk3 fixes the following issues : Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-575...
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:0219-1) (Meltdown) (Spectre)
This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-5753...
Ubuntu: Security Advisory (USN-3460-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-7089
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that is mishandl...
CVE-2017-7089
CVE-2017-7089 affects WebKit in iOS before 11, Safari before 11, and iCloud for Windows 7.0; a logic/UXSS issue in parent-tab handling can enable universal cross-site scripting. Root cause: mishandling of the parent-tab flow in WebKit/Safari. Impact: UXSS across visiting sites; potential for arbi...
WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities
WebKitGTK+ has had numerous security vulnerabilities addressed including arbitrary code execution, memory corruption, cookie theft, and various other issues. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory...
CVE-2017-7089
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that is mishandl...
Apple Safari uxss(CVE-2017-7089)
CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Safari 10 Local SOP bypass html function Pewvar...
Safari 10 Local SOP bypass Vulnerability
Exploit for macOS platform in category local exploits Safari 10 Local SOP bypass Vulnerability CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed...
Webkit (Safari) - Universal Cross-site Scripting
function Pewvar doc=open'parent-tab://apple.com';doc.document.body.innerHTML='';Click me! Exploit by Frans Rosén html data:text/html,function yx=open'parent-tab://google.com','top',x.document.body.innerHTML='';setTimeouty,100 -- function...
Webkit (Safari) - Universal Cross-site Scripting
Webkit Safari - Universal Cross-site Scripting function Pewvar doc=open'parent-tab://apple.com';doc.document.body.innerHTML='';Click me! Exploit by Frans Rosén html data:text/html,function yx=open'parent-tab://google.com','top',x.document.body.innerHTML='';setTimeouty,100 -- function...
macOS : Apple Safari < 11.0 Multiple Vulnerabilities
The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.0. It is, therefore, affected by multiple vulnerabilities as described in the HT208116 security advisory. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid103360;...