6799 matches found
CVE-2026-9115
CVE-2026-9115 : In Google Chrome, the Service Worker policy enforcement is insufficient prior to 148.0.7778.179, permitting a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected: Chrome/Chromium's Service Worker. Impact is a potential cross-origin bypass as describe...
CVE-2026-9115
Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-9115
Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox
tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...
Astra Linux - уязвимость в firefox, thunderbird
A violation of the same-origin policy could have allowed the theft of cross-origin URL entries, leading to the leakage of the results of a redirect, through the use of performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
Astra Linux - уязвимость в firefox, thunderbird
Bypass of the same-origin policy in the Layout component. This vulnerability has been fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Astra Linux - уязвимость в firefox, thunderbird
Bypass of the same-origin policy in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Processing maliciously crafted web content may bypass the Same Origin Policy...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...
Astra Linux - уязвимость в firefox, thunderbird
Bypass of the same-origin policy in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux - уязвимость в webkit2gtk
The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. A website may be able to bypass the Same Origin Policy...
Astra Linux - уязвимость в firefox
A malicious extension with the “search” permission could have installed a new search engine, and the favicon of this engine referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing it to bypass the same-origin policy—even though the...
Astra Linux - уязвимость в firefox, thunderbird
Bypass of the same-origin policy in the Graphics:Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass the same-origin policy and proxy settings through a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в firefox, thunderbird
The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while maintaining the visual properties of an HTTP connection. This means that the connection remains within the same origin as unencrypted connections on port 80. However, if a second...
Astra Linux - уязвимость в chromium
Inappropriate implementation in navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass the same-origin policy through a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в webkit2gtk
A logic issue has been addressed through improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2, and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may allow bypass of the...
Astra Linux - уязвимость в chromium
Inappropriate implementations of WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...
Astra Linux - уязвимость в firefox, thunderbird
Bypass of the same-origin policy in the DOM: Notification component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
Astra Linux - уязвимость в firefox, thunderbird
Offscreen Canvas did not properly prevent cross-origin tampering, which could have been used to access image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...