6897 matches found

Tenable Nessus
added 2019/01/25 12:0 a.m. | 247 views

RHEL 7 : thunderbird (RHSA-2019:0160)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0160 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fixes: Mozilla:...

CVSS 9.8 | AI score 8.3 | EPSS 0.09646
Exploits 0 | References 15

RedHat Linux
added 2019/01/24 11:11 p.m. | 2 views

Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVSS 6.5 | AI score 7.2 | EPSS 0.01549
Exploits 0 | References 5

RedHat Linux
added 2019/01/24 11:11 p.m. | 253 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 7.1 | EPSS 0.09646
Exploits 0 | References 8

Ubuntu
added 2019/01/24 9:16 p.m. | 70 views

USN-3868-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code...

CVSS 9.8 | AI score 8.1 | EPSS 0.09646
Exploits 0

OSV
added 2019/01/24 9:16 p.m. | 3 views

USN-3868-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code...

CVSS 9.8 | AI score 7.2 | EPSS 0.09646
Exploits 0 | References 11

ThreatPost
added 2019/01/22 6:45 p.m. | 160 views

How Web Apps Can Turn Browser Extensions Into Backdoors

Researchers have added another reason to be suspicious of web browser extensions. According to a recently published academic report, various Chrome, Firefox and Opera browser extensions can be compromised by an adversary that can steal sensitive browser data and plant arbitrary files on targeted...

AI score 1
Exploits 0 | References 3

0day.today
added 2019/01/20 12:0 a.m. | 108 views

Mozilla Firefox 64 Information Disclosure Exploit

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker. Product: Firefox Manufacturer: Mozilla Affected Versions: = 64 Teste...

AI score 7.2
Exploits 0

Packet Storm
added 2019/01/17 12:0 a.m. | 60 views

Mozilla Firefox 64 Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-041 Product: Firefox Manufacturer: Mozilla Affected Versions: = 64 Tested Versions: 61, 62, 63, 64 Vulnerability Type: Information Exposure CWE-200 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2018-07-19...

AI score 7.4
Exploits 0

Veracode
added 2019/01/15 9:7 a.m. | 26 views

Same-Origin Policy Bypass

Mozilla Firefox is vulnerable to same-origin policy bypass. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, wh...

CVSS 8.8 | AI score 6.9 | EPSS 0.70226
Exploits 8 | References 21 | Affected Software 1

Veracode
added 2019/01/15 9:5 a.m. | 35 views

Arbitrary Code Execution

Firefox is vulnerable to arbitrary code execution attacks. The vulnerability exists as Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via...

CVSS 7.5 | AI score 9.5 | EPSS 0.03269
Exploits 0 | References 37 | Affected Software 2

CNVD
added 2019/01/14 12:0 a.m. | 3 views

Google Chrome Blink Security Bypass Vulnerability (CNVD-2019-03550)

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 66.0.3359.117, which stems from the program's...

CVSS 6.5 | AI score 8.7 | EPSS 0.01597
Exploits 0 | References 1

NVD
added 2019/01/09 7:29 p.m. | 13 views

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.5 | AI score 6.5 | EPSS 0.0078
Exploits 0 | References 4

OSV
added 2019/01/09 7:29 p.m. | 2 views

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.5 | AI score 5.8 | EPSS 0.0078
Exploits 0 | References 4

UbuntuCve
added 2019/01/09 7:29 p.m. | 28 views

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.0078
Exploits 0 | References 2

Prion
added 2019/01/09 7:29 p.m. | 21 views

Design/Logic Flaw

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 4.3 | AI score 6.7 | EPSS 0.0078
Exploits 0 | References 4 | Affected Software 1

OSV
added 2019/01/09 7:29 p.m. | 1 views

UBUNTU-CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.0078
Exploits 0 | References 3

CVE
added 2019/01/09 7:0 p.m. | 105 views

CVE-2018-16072

CVE-2018-16072 relates to Chrome/Blink where a missing origin check in HLS manifests could bypass the same-origin policy via a crafted HTML page. Affected software is Google Chrome (Blink engine); vulnerable builds are prior to Chrome/Chromium version 69.0.3497.81. The underlying issue is a failu...

CVSS 6.5 | AI score 6.5 | EPSS 0.0078
Exploits 0 | References 4 | Affected Software 1

Debian CVE
added 2019/01/09 7:0 p.m. | 20 views

CVE-2018-16072

Removed by vendor...

CVSS 6.5 | AI score 7.9 | EPSS 0.0078
Exploits 0

UbuntuCve
added 2018/12/31 12:0 a.m. | 27 views

CVE-2018-18511

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected. This vulnerability affects Firefox 65.0.1...

CVSS 4.3 | AI score 6.8 | EPSS 0.01622
Exploits 0 | References 5

OSV
added 2018/12/31 12:0 a.m. | 2 views

UBUNTU-CVE-2018-18511

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected. This vulnerability affects Firefox 65.0.1...

CVSS 4.3 | AI score 6.7 | EPSS 0.01622
Exploits 0 | References 6