370 matches found
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150113)
Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2014-8634, CVE-2014-8639 It was found that the Beacon interface...
firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2015:0046 Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring...
Mozilla Thunderbird < 31.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists in 'navigator.sendBeacon' in...
Firefox ESR 31.x < 31.4 Multiple Vulnerabilities (Mac OS X)
The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists in 'navigator.sendBeacon'...
Critical: Red Hat Security Advisory: firefox security and bug fix update
Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Factlink: HTML5 cross-origin resource sharing
Issue: HTML5 cross-origin resource sharing Host: https://staging.factlink.com Path: /about Issue detail The application implements an HTML5 cross-origin resource sharing CORS policy for this request which allows access from any domain. Allowing access from all domains means that any domain can...
Use the csrf vulnerability to upload files-the vulnerability warning-the black bar safety net
Everyone knows that the commonly used csrf to upload a file is not very simple. The problem is that we create a fake form submission data with browser file upload to submit the data a little different. That is the upload request will have a filename parameter: -----------------------------2 5 6 6...
cors_origin
Inspect if application check that the value of the "Origin" HTTP header is consistent with the value of the remote IP address/Host of the sender of the incoming HTTP request. Configurable parameters are: originheadervalue Note : This plugin is useful to test "Cross Origin Resource Sharing CORS"...
Opera < 12.13 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 12.13 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. 1042 - A use-after-free error exists...
CVE-2012-6462
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing CORS specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request...
Cross site scripting
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing CORS specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request...
opera -- multiple vulnerabilities
Opera reports: CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target...
CORS requests can incorrectly retrieve contents of cross origin pages
CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the...
http-cors NSE Script
Tests an http server for Cross-Origin Resource Sharing CORS, a way for domains to explicitly opt in to having certain methods invoked by another domain. The script works by setting the Access-Control-Request-Method header field for certain enumerated methods in OPTIONS requests, and checking the...
Fedora Core 10 FEDORA-2009-11488 (qt)
The remote host is missing an update to qt announced via advisory FEDORA-2009-11488. OpenVAS Vulnerability Test $Id: fcore200911488.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-11488 qt Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...
Fedora Core 11 FEDORA-2009-11491 (qt)
The remote host is missing an update to qt announced via advisory FEDORA-2009-11491. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Fedora Core 12 FEDORA-2009-11487 (qt)
The remote host is missing an update to qt announced via advisory FEDORA-2009-11487. OpenVAS Vulnerability Test $Id: fcore200911487.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-11487 qt Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...
Fedora 12 : qt-4.5.3-9.fc12 (2009-11487)
A security flaw was found in the WebKit's Cross-Origin Resource Sharing CORS implementation. Multiple security flaws integer underflow, invalid pointer dereference, buffer underflow and a denial of service were found in the way WebKit's FTP parser used to process remote FTP directory listings. No...
Fedora 10 : qt-4.5.3-9.fc10 (2009-11488)
A security flaw was found in the WebKit's Cross-Origin Resource Sharing CORS implementation. Multiple security flaws integer underflow, invalid pointer dereference, buffer underflow and a denial of service were found in the way WebKit's FTP parser used to process remote FTP directory listings. No...
Cross site request forgery (csrf)
The implementation of Cross-Origin Resource Sharing CORS in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to...