CVE-2020-6420
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Design/Logic Flaw
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
UBUNTU-CVE-2020-6420
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2020-6420
CVE-2020-6420 affects Google Chrome (media component). The issue is insufficient policy enforcement that allows a remote attacker to bypass the same-origin policy via a crafted HTML page, enabling information disclosure and potential further actions. Affected versions are Chrome before 80.0.3987....
CVE-2020-6420
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
GLSA-202003-22 : WebkitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-22 (WebkitGTK+: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact: A remote attacker could execute arbitrary code, cause a...
WebkitGTK+: Multiple vulnerabilities
Background: WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description: Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2020-16693)
Mozilla Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An information disclosure vulnerability exists in Mozilla Firefox versions prior to 74. The vulnerability can be exploited to read local files via a fetch request from a web extension with all-urls...
chromium-browser: Insufficient policy enforcement in media
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
UBUNTU-CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
CVE-2020-6420
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Insecure Cross-Origin Resource Sharing Configuration
Cross-Origin Resource Sharing (CORS) is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to...
[ASA-202002-10] webkit2gtk: multiple issues
Arch Linux Security Advisory ASA-202002-10. Severity: High. Date: 2020-02-17. CVE-ID: CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868. Package: webkit2gtk. Type: multiple issues. Remote: Yes. Link :...
Nord Security: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information
Summary: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. Description: An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy ...
HackerOne: 404-response contains debug-information with all headers
Summary: When requesting a page that does not exist under www.hackerone.com the page returns a hidden HTML-element debugData that reflects all headers in the GET-request, including http-only cookies. Description: This in itself is not a serious vulnerability, but as the program description mention...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1126)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1125)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2019-1571)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1189)
The remote host is missing an update for the Huawei EulerOS...
Lyst: Subdomain takeover of storybook.lystit.com
Summary: The subdomain storybook.lystit.com had a CNAME record pointing to an unclaimed S3 bucket. This is a high severity security issue because an attacker can register the bucket on AWS and therefore can serve her own content on the subdomain. This allows for various attacks. Description: The...