
6905 matches found

RedHat Linux
added 2018/09/12 11:2 a.m. | 3 views

Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

6.5 CVSS | 7.2 AI score | 0.0105 EPSS
Exploits 0 | References 5

RedHat Linux
added 2018/09/12 11:1 a.m. | 2 views

Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

6.5 CVSS | 7.2 AI score | 0.0105 EPSS
Exploits 0 | References 5

CNVD
added 2018/09/07 12:0 a.m. | 2 views

Google Chrome Security Bypass Vulnerability (CNVD-2019-03619)

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout (rendering) engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 69.0.3497.81. The vulnerability can be exploited ...

6.5 CVSS | 7.1 AI score | 0.0078 EPSS
Exploits 0 | References 1

myhack58
added 2018/09/06 12:0 a.m. | 510 views

The use of Microsoft Edge vulnerability to steal local files-bug warning-the black bar safety net

In 2015, Microsoft released the Edge browser. During its original development it was named Project Spartan. Unlike Internet Explorer, Edge supports a broader range of modern security measures, such as Content Security Policy (CSP), as well as modern JavaScript and CSS properties. Abandon Internet...

6.9 AI score
Exploits 0

OpenVAS
added 2018/09/06 12:0 a.m. | 32 views

Mozilla Firefox Security Advisories (MFSA2018-18, MFSA2018-21) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

9.8 CVSS | 8.4 AI score | 0.03357 EPSS
Exploits 0 | References 1

n0where
added 2018/09/05 5:4 p.m. | 37 views

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

Exploits 0 | References 4

RedhatCVE
added 2018/09/05 4:24 a.m. | 26 views

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.5 CVSS | 3 AI score | 0.0078 EPSS
Exploits 0 | References 2

Mozilla
added 2018/09/05 12:0 a.m. | 511 views

Security vulnerabilities fixed in Firefox ESR 60.2 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

9.8 CVSS | 0.3 AI score | 0.03662 EPSS
Exploits 4 | References 7 | Affected Software 1

Mozilla
added 2018/09/05 12:0 a.m. | 535 views

Security vulnerabilities fixed in Firefox 62 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

9.8 CVSS | 7.5 AI score | 0.03662 EPSS
Exploits 5 | References 10 | Affected Software 1

Tenable Nessus
added 2018/08/21 12:0 a.m. | 28 views

Mozilla Firefox < 61 Multiple Vulnerabilities

Binary data 700330.prm...

9.8 CVSS | 7.3 AI score | 0.04831 EPSS
Exploits 3 | References 18

Tenable Nessus
added 2018/08/21 12:0 a.m. | 28 views

Mozilla Firefox < 59 Multiple Vulnerabilities

Binary data 700328.prm...

9.8 CVSS | 7.3 AI score | 0.12054 EPSS
Exploits 2 | References 21

myhack58
added 2018/08/17 12:0 a.m. | 601 views

See how I found the Yahoo XSSi vulnerability to achieve the user information stealing-vulnerability warning-the black bar safety net

Finding certain categories of vulnerability depends on two key factors: awareness of the vulnerability class and how difficult it is to discover. Cross-site script inclusion (XSSi) is not mentioned in the recognized OWASP Top 10 security standard, but it is also no...

7.3 AI score
Exploits 0

Veracode
added 2018/08/13 3:0 a.m. | 32 views

Same Origin Policy Bypass

libcurl.so is vulnerable to same origin policy bypass. This is due to the libcurl's cookie parser having no public suffix awareness, which could allow for cookies to be set for arbitrary sites by setting a cookie for a top-level domain...

5 CVSS | 7.3 AI score | 0.04876 EPSS
Exploits 0 | References 10 | Affected Software 1

Tenable Nessus
added 2018/08/02 12:0 a.m. | 49 views

RHEL 6 : chromium-browser (RHSA-2018:2282)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2282 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 68.0.3440.75. Security Fixes:...

9.6 CVSS | 8.3 AI score | 0.03296 EPSS
Exploits 0 | References 64

RedHat Linux
added 2018/07/30 3:10 p.m. | 134 views

Important: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

9.6 CVSS | 7.1 AI score | 0.03296 EPSS
Exploits 0 | References 32

RedHat Linux
added 2018/07/30 3:10 p.m. | 9 views

chromium-browser: Same origin policy bypass in ServiceWorker

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5 CVSS | 7.4 AI score | 0.00787 EPSS
Exploits 0 | References 5

RedHat Linux
added 2018/07/30 3:10 p.m. | 8 views

chromium-browser: Same origin policy bypass in ServiceWorker

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5 CVSS | 7.4 AI score | 0.01663 EPSS
Exploits 0 | References 5

RedHat Linux
added 2018/07/30 3:10 p.m. | 10 views

chromium-browser: Same origin policy bypass in WebAudio

Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

8.8 CVSS | 7.4 AI score | 0.00903 EPSS
Exploits 0 | References 5

RedHat Linux
added 2018/07/30 3:10 p.m. | 3 views

chromium-browser: Cross origin information leak in Blink

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...

6.5 CVSS | 7.4 AI score | 0.03137 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2018/07/30 12:0 a.m. | 46 views

FreeBSD : chromium -- multiple vulnerabilities (b9c525d9-9198-11e8-beba-080027ef1a23)

Google Chrome Releases reports : 42 security fixes in this release, including : - 850350 High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07 - 848914 High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01 -...

9.6 CVSS | 8 AI score | 0.03296 EPSS
Exploits 0 | References 34