SUSE CVE-2011-3072

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows...

SUSE CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

SUSE CVE-2011-3649

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D aka D2D API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...

SUSE CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures...

SUSE CVE-2011-3956

The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension...

SUSE CVE-2011-4682

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites...

SUSE CVE-2011-4681

Opera before 11.60 does not properly consider the number of . dot characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as...

SUSE CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

SUSE CVE-2011-4691

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

SUSE CVE-2011-4688

Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

SUSE CVE-2012-1926

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the 1 history.pushState and 2 history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information...

SUSE CVE-2012-3985

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting XSS attacks by leveraging initial-origin access after document.domain has been set...

SUSE CVE-2012-3991

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have...

SUSE CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

SUSE CVE-2012-4192

Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193...

SUSE CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats...

SUSE CVE-2012-5146

Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL...

SUSE CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to...

SUSE CVE-2013-0795

The System Only Wrapper SOW implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote...

SUSE CVE-2013-1693

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by...