4124 matches found
Information disclosure
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
UBUNTU-CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
SUSE-SU-2015:2184-1 Recommended update for git
The git package was updated to fix the following security issue: - Fix remote code execution with recursive fetch of submodules bsc948969...
SUSE SLES12 Security Update : git (SUSE-SU-2015:2025-1)
The git package was updated to fix the following security issue : - Fix remote code execution with recursive fetch of submodules bsc948969. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...
openSUSE Security Update : git (openSUSE-2015-737)
Git was updated to fix one security issue. The following vulnerability was fixed : - boo948969: remote code execution with recursive fetch of submodules %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...
USN-2770-1 oxide-qt vulnerabilities
It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...
FreeBSD : firefox -- Cross-origin restriction bypass using Fetch (79c68ef7-c8ae-4ade-91b4-4b8221b7c72a)
Firefox Developers report : Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently report...
Ubuntu 14.04 LTS : Firefox vulnerability (USN-2768-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2768-1 advisory. Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing CORS specification. If a user were...
CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
UBUNTU-CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
Cross site scripting
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-06764)
Google Chrome is an open source WEB browser. Google uses Blink in the Cascading Style Sheets CSS implementation of the core/css/CSSFontFaceSrcValue.cpp file in the 'CSSFontFaceSrcValue::fetch ' function in the core/css/css/CSSFontFaceSrcValue.cpp file contains a security vulnerability that can be...
USN-2768-1 firefox vulnerability
Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing CORS specification. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from oth...
USN-2768-1: Firefox vulnerability
Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing CORS specification. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from oth...
firefox: cross-origin restriction bypass
Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing CORS specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...
Firefox < 41.0.2 'fetch' API Cross-Origin Bypass (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 41.0.2. It is, therefore, affected by a cross-origin restriction bypass vulnerability in the fetch API due to an incorrect implementation of the Cross-Origin Resource Sharing CORS specification. A remote attacker can exploit...
Firefox < 41.0.2 'fetch' API Cross-Origin Bypass
The version of Firefox installed on the remote Windows host is prior to 41.0.2. It is, therefore, affected by a cross-origin restriction bypass vulnerability in the fetch API due to an incorrect implementation of the Cross-Origin Resource Sharing CORS specification. A remote attacker can exploit...