SUSE CVE-2014-1701

The GenerateFunction function in bindings/scripts/codegeneratorv8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS UXSS attacks via...

Apple Safari WebKit Remote Code Execution Vulnerability

Apple Safari is a web browser from Apple, and is the default browser that comes with the Mac OS X and iOS operating systems.WebKit is a set of open-source web browser engines developed by KDE, Apple, and Google, and is currently used by Apple Safari and Google Chrome, among other browsers. Google...

CVE-2014-1701

The GenerateFunction function in bindings/scripts/codegeneratorv8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS UXSS attacks via...

Session fixation

The GenerateFunction function in bindings/scripts/codegeneratorv8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS UXSS attacks via...

CVE-2014-1701

The CVE-2014-1701 issue affects Blink in Google Chrome prior to 33.0.1750.149. The root cause is a missing cross-origin restriction in GenerateFunction (bindings/scripts/code_generator_v8.pm) for EventTarget::dispatchEvent, enabling Universal XSS via events. Public references in Debian/openSUSE a...