248 matches found
CVE-2017-17859
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...
Design/Logic Flaw
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...
Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS
From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser tested on latest version - 6.2.01.12. First of all, using...
CVE-2017-17859
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...
Exploit for Cross-site Scripting in Google Chrome
CVE-2017-5124 UX...
Debian DSA-4020-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...
Debian: Security Advisory (DSA-4020-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : chromium (openSUSE-2017-1221)
This update to Chromium 62.0.3202.75 fixes the following security issues : - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...
Security update for chromium (important)
This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after...
chromium-browser: uxss with mhtml
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...
Webkit (Chome 61) - MHTML Universal Cross-site Scripting
Webkit Chome 61 - MHTML Universal Cross-site Scripting MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location:...
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location: https://google.com alert'Location origin:...
Code injection
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...
CVE-2017-7678
CVE-2017-7678 affects Apache Spark up to version 2.2.0, where the web UI may reflect user-supplied data (including MHTML) back to the user. The root cause is improper validation of input by the Spark web UI, allowing an attacker to lure a user into a link pointing to a shared Spark cluster and tr...
MS11-037: Vulnerability in MHTML could allow information disclosure: June 14, 2011
MS11-037: Vulnerability in MHTML could allow information disclosure: June 14, 2011 INTRODUCTION Microsoft has released security bulletin MS11-037. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
The vulnerability of Google Chrome browser allows a malicious individual to inject any web script or HTML code they desire.
The Google Chrome browser contains a vulnerability related to cross-site scripting XSS in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp of Blink. Exploiting this vulnerability allows malicious actors to inject any web script or HTML code, using specially crafte...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.
The vulnerability of the PageCaptureSaveAsMHTMLFunction::ReturnFailure function browser/extensions/api/pagecapture/pagecaptureapi.cc in the Google Chrome browser is related to code errors. Exploiting this vulnerability may allow an attacker to cause service failures or potentially other effects d...
chromium-browser: various fixes from internal audits
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...
Google Chrome PageCaptureSaveAsMHTMLFunction::ReturnFailure Denial of Service Vulnerability
Google Chrome is a web browsing tool developed by Google. Google Chrome versions prior to 49.0.2623.108, browser/extensions/api/pagecapture/pagecaptureapi.cc/PageCaptureSaveAsMHTMLFunction:. A denial of service vulnerability exists in the ReturnFailure implementation, which can be exploited by...
CVE-2016-1650
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...