CVE-2018-5326

CVE-2018-5326 affects Cheetah Mobile CM Browser 5.22.06.0012 on older Android platforms, described as a Same Origin Policy bypass . External documents confirm the vulnerability exists in this specific version, enabling cross-origin policy circumvention. The CVSS data provided indicates a network-...

Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3530-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3530-1 advisory. It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be...

CVE-2017-18016

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine reusing the current website's token, which is not bound to an origin...

CVE-2017-18016

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine reusing the current website's token, which is not bound to an origin...

Design/Logic Flaw

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine reusing the current website's token, which is not bound to an origin...

CVE-2017-18016

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine reusing the current website's token, which is not bound to an origin...

CVE-2017-18016

Parity Browser 1.6.10 and earlier is vulnerable to a Same Origin Policy bypass via its web proxy engine, which reuses the current site’s token not bound to an origin. An attacker could remotely obtain sensitive information by requesting other sites through the proxy. Affected component: Parity Br...

USN-3530-1 webkit2gtk vulnerabilities

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

Parity Browser < 1.6.10 - Bypass Same Origin Policy Vulnerability

Exploit for multiple platform in category local exploits VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 Version: 0.3 Date: Jun 16th, 2017 Tag: parity same origin policy bypass webproxy token reuse Overview -------- Name: parity Vendor: paritytech...

Parity Browser 1.6.10 - Bypass Same Origin Policy

Parity Browser 1.6.10 - Bypass Same Origin Policy VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 Version: 0.3 Date: Jun 16th, 2017 Tag: parity same origin policy bypass webproxy token reuse Overview -------- Name: parity Vendor: paritytech References:...

Parity Browser &lt; 1.6.10 - Bypass Same Origin Policy

VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 Version: 0.3 Date: Jun 16th, 2017 Tag: parity same origin policy bypass webproxy token reuse Overview -------- Name: parity Vendor: paritytech References: https://parity.io/ 1 Version: 1.6.8 Latest Version...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3516-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3516-1 advisory. It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that...

FreeBSD : mozilla -- Speculative execution side-channel attack (8429711b-76ca-474e-94a0-6b980f1e2d47)

Mozilla Foundation reports : Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated tha...

USN-3516-1 firefox vulnerabilities

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

Mozilla Firefox Security Advisories (MFSA2018-01, MFSA2018-01) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox Security Advisories (MFSA2018-01, MFSA2018-01) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Ubuntu: Security Advisory (USN-3516-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3477-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mozilla -- Speculative execution side-channel attack

Mozilla Foundation reports: Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that...

Speculative execution side-channel attack ("Spectre") — Mozilla

Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web pag...