Lucene search

6890 matches found

Hacker One
added 2019/12/06 8:57 p.m., 21 views

Stripo Inc: No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address

Summary: There's no CSRF protection in confirmation email resending feature as a result of which an attacker can trick the victim to receive a confirmation email unknowingly. In other features of the website, the content-type must be "application/json", and there is same-origin policy, which...

7 AI score
Exploits: 0
OSV
added 2019/11/25 3:15 p.m., 1 view

DEBIAN-CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 6.8 AI score, 0.00739 EPSS
Exploits: 0, References: 1
NVD
added 2019/11/25 3:15 p.m., 13 views

CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 8.2 AI score, 0.00739 EPSS
Exploits: 0, References: 2
UbuntuCve
added 2019/11/25 3:15 p.m., 17 views

CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 6.8 AI score, 0.00739 EPSS
Exploits: 0, References: 1
OSV
added 2019/11/25 3:15 p.m., 2 views

UBUNTU-CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 7.2 AI score, 0.00739 EPSS
Exploits: 0, References: 2
CVE
added 2019/11/25 2:22 p.m., 242 views

CVE-2019-13682

CVE-2019-13682 affects Google Chrome prior to 77.0.3865.75, where insufficient policy enforcement in external protocol handling allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Public report describes this in Chrome/Chromium context; Debian advisories note fixes...

8.8 CVSS, 8 AI score, 0.00739 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/11/25 2:22 p.m., 22 views

CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.1 AI score, 0.00739 EPSS
Exploits: 0, References: 2
Debian CVE
added 2019/11/25 2:22 p.m., 21 views

CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 5.9 AI score, 0.00739 EPSS
Exploits: 0
Tenable Nessus
added 2019/11/12 12:0 a.m., 42 views

Debian DSA-4562-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5869 Zhe Jin discovered a use-after-free issue. - CVE-2019-5870 Guang Gong discovered a use-after-free issue. - CVE-2019-5871 A buffer overflow issue was discovered in the skia library. - CVE-2019-5872 Zhe Jin...

9.6 CVSS, 8 AI score, 0.72977 EPSS
Exploits: 4, References: 139
OPENSUSE Linux
added 2019/11/09 12:0 a.m., 238 views

Security update for MozillaFirefox, MozillaFirefox-branding-SLE (important)

openSUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Announcement ID: openSUSE-SU-2019:2459-1 Rating: important References: 1104841 1129528 1137990 1149429 1151186 1153423 1153869 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759...

8.8 CVSS, 6.9 AI score, 0.06643 EPSS
Exploits: 3, References: 8
OPENSUSE Linux
added 2019/11/09 12:0 a.m., 222 views

Security update for MozillaFirefox, MozillaFirefox-branding-SLE (important)

openSUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Announcement ID: openSUSE-SU-2019:2451-1 Rating: important References: 1104841 1129528 1137990 1149429 1151186 1153423 1153869 1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759...

8.8 CVSS, 6.9 AI score, 0.06643 EPSS
Exploits: 3, References: 8
OSV
added 2019/11/05 11:54 p.m., 0 views

USN-4165-2 firefox regressions

USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafte...

6 AI score
Exploits: 0, References: 2
RedhatCVE
added 2019/11/04 4:16 a.m., 21 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

6.5 CVSS, 3.9 AI score, 0.02485 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2019/10/31 2:15 p.m., 6 views

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

6.1 CVSS, 7.4 AI score, 0.00609 EPSS
Exploits: 0, References: 5
CNVD
added 2019/10/30 12:0 a.m., 2 views

Google Chrome suffers from an unspecified vulnerability (CNVD-2019-38296)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions of Google Chrome prior to 77.0.3865.75, which can be exploited by attackers to bypass the same-origin policy...

8.8 CVSS, 8.6 AI score, 0.00724 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2019/10/29 9:30 a.m., 2 views

chromium-browser: Site isolation bypass

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS, 7.4 AI score, 0.00739 EPSS
Exploits: 0, References: 5
ArchLinux
added 2019/10/26 12:0 a.m., 43 views

[ASA-201910-16] firefox: multiple issues

Arch Linux Security Advisory ASA-201910-16 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2018-6156 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-11765 CVE-2019-15903 CVE-2019-17000...

8.8 CVSS, 0.2 AI score, 0.06643 EPSS
Exploits: 3, References: 50
ArchLinux
added 2019/10/26 12:0 a.m., 47 views

[ASA-201910-15] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201910-15 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Package : thunderbird Type : multiple issues...

8.8 CVSS, 0.3 AI score, 0.06643 EPSS
Exploits: 2, References: 35
RedHat Linux
added 2019/10/24 9:33 p.m., 1 view

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

6.1 CVSS, 7.4 AI score, 0.00609 EPSS
Exploits: 0, References: 5
OSV
added 2019/10/23 9:40 p.m., 0 views

USN-4165-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting XSS attacks,...

8.8 CVSS, 7 AI score, 0.06643 EPSS
Exploits: 3, References: 14