64 matches found
EUVD-2016-6201
Malware in sbrugna...
EUVD-2017-6871
Malware in sbrugna...
EUVD-2021-17814
Malware in sbrugna...
SUSE CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
SUSE CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...
Mozilla Firefox Security Advisory (MFSA2016-84) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
Design/Logic Flaw
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
UBUNTU-CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
CVE-2021-30897
CVE-2021-30897 : The issue is in the resource timing API specification; the updated spec was implemented. It is fixed in macOS Monterey 12.0.1. A malicious site could exfiltrate cross-origin data via resource timing timing data. The connected advisories (MiracleLinux/Alibaba/Tencent/Ten able) rei...
NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)
The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting a...
Information Disclosure
Firefox is vulnerable to information disclosure attacks. A remote user could trigger a same-origin policy bypass in the Resource Timing API to view potentially sensitive URLs on the target user's system...
Information Disclosure
firefox is vulnerable to information disclosure attacks. The vulnerability exists as Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...
Google Chrome Information Disclosure Vulnerability (CNVD-2018-20146)
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the Resource Timing API in Google Chrome versions prior to 63.0.3239.84, which stems from insufficient policy enforcement. The vulnerability can be exploited by a remote attacker to...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...
Design/Logic Flaw
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...
CVE-2017-15419
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...