
6889 matches found

Veracode
added 2020/04/10 12:28 a.m., 32 views

Same-Origin Policy Bypass

seamonkey is vulnerable to same-origin policy bypass. Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could potentially trick a SeaMonkey user into surrendering sensitive information...

6.8 CVSS, 2.6 AI score, 0.02091 EPSS
Exploits: 0, References: 43, Affected Software: 6
Veracode
added 2020/04/10 12:24 a.m., 25 views

Same-Origin Policy Bypass

firefox is vulnerable to same-origin policy bypass. Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker...

6.8 CVSS, 1.7 AI score, 0.01101 EPSS
Exploits: 1, References: 38, Affected Software: 6
Veracode
added 2020/04/10 12:24 a.m., 19 views

Same-Origin Policy Bypass

firefox is vulnerable to same-origin policy bypass. Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information...

4.3 CVSS, 2.3 AI score, 0.02009 EPSS
Exploits: 1, References: 50, Affected Software: 6
Veracode
added 2020/04/10 12:18 a.m., 26 views

Same-Origin Policy Bypass

firefox is vulnerable to same-origin-policy bypass. A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site...

4.3 CVSS, 0.8 AI score, 0.01649 EPSS
Exploits: 0, References: 38, Affected Software: 4
Veracode
added 2020/04/10 12:12 a.m., 30 views

Same-Origin Policy Bypass

thunderbird is vulnerable to same-origin policy bypass. A flaw was found in the way Thunderbird handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS...

7.5 CVSS, 1 AI score, 0.12144 EPSS
Exploits: 7, References: 61, Affected Software: 5
RedhatCVE
added 2020/04/08 10:16 p.m., 25 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 3.1 AI score, 0.01257 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2020/04/08 9:2 p.m., 30 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

6.5 CVSS, 2.7 AI score, 0.01549 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2020/04/08 5:29 a.m., 22 views

CVE-2019-9817

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

7.5 CVSS, 2.4 AI score, 0.00825 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2020/04/07 5:3 p.m., 22 views

CVE-2019-9797

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox 66...

7.5 CVSS, 2.1 AI score, 0.01109 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2020/04/02 8:30 a.m., 34 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

7.5 CVSS, 3.2 AI score, 0.01557 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2020/03/30 8:22 a.m., 38 views

CVE-2018-7160

It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the si...

8.8 CVSS, 1.9 AI score, 0.09916 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2020/03/30 8:7 a.m., 27 views

CVE-2019-11742

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a canvas element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This...

6.5 CVSS, 3.4 AI score, 0.01692 EPSS
Exploits: 0, References: 4
Hacker One
added 2020/03/25 11:25 p.m., 19 views

Qulture.Rocks: XSS from arbitrary attachment upload.

Summary: The New Comment feature in the OKRs page allows a user to upload an arbitrary file. I was able to upload an HTML file that contains JavaScript code. The JavaScript code will execute when the victim visits the attachment. Steps To Reproduce: 1. Upload an HTML file that contains javascript...

6 AI score
Exploits: 0
OSV
added 2020/03/25 10:15 p.m., 2 views

CVE-2020-6809

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...

7.5 CVSS, 7.3 AI score, 0.01429 EPSS
Exploits: 0, References: 2
Cvelist
added 2020/03/25 9:13 p.m., 28 views

CVE-2020-6809

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...

7.5 AI score, 0.01429 EPSS
Exploits: 0, References: 2
Debian CVE
added 2020/03/25 9:13 p.m., 25 views

CVE-2020-6809

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...

7.5 CVSS, 8.5 AI score, 0.01429 EPSS
Exploits: 0
OSV
added 2020/03/23 4:15 p.m., 4 views

CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 8 AI score
Exploits: 0, References: 3
OSV
added 2020/03/23 4:15 p.m., 1 views

DEBIAN-CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 7.2 AI score, 0.01294 EPSS
Exploits: 0, References: 1
NVD
added 2020/03/23 4:15 p.m., 14 views

CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 7.8 AI score, 0.01294 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2020/03/23 4:15 p.m., 20 views

CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 7.2 AI score, 0.01294 EPSS
Exploits: 0, References: 1