6903 matches found

OSV
added 2017/08/10 12:0 a.m. | 0 views

UBUNTU-CVE-2017-7788

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...

9.8 CVSS | 6.8 AI score | 0.02336 EPSS
Exploits 1 | References 3

UbuntuCve
added 2017/08/10 12:0 a.m. | 25 views

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

7.5 CVSS | 6.8 AI score | 0.02376 EPSS
Exploits 1 | References 3

OpenVAS
added 2017/08/10 12:0 a.m. | 39 views

Mozilla Firefox Security Advisories (MFSA2017-18, MFSA2017-19) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10 CVSS | 8 AI score | 0.13697 EPSS
Exploits 24 | References 1

OSV
added 2017/08/10 12:0 a.m. | 2 views

UBUNTU-CVE-2017-7797

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...

7.5 CVSS | 6.7 AI score | 0.0081 EPSS
Exploits 1 | References 3

ThreatPost
added 2017/08/09 12:39 p.m. | 13 views

Mozilla Fixes 29 Vulnerabilities in Firefox, Makes Flash Click-To-Activate

Mozilla fixed three critical vulnerabilities when it released Firefox 55 on Tuesday, including bugs that could have triggered a crash of the browser and allowed for the execution of arbitrary code. The code execution vulnerability stems from an XUL injection vulnerability due to improper...

1.4 AI score
Exploits 0 | References 4

RedhatCVE
added 2017/08/09 1:48 a.m. | 29 views

CVE-2017-7797

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...

7.5 CVSS | 4 AI score | 0.0081 EPSS
Exploits 1 | References 2

CNVD
added 2017/08/09 12:0 a.m. | 3 views

Microsoft Edge Security Bypass Vulnerability (CNVD-2017-23794)

Microsoft Windows 10 is a set of next-generation cross-platform operating systems released by Microsoft Corporation in the U.S. It is available for PCs and laptops, tablets, and cell phones, among other devices. Microsoft Edge is one of the default browsers that comes with the system. A security...

5.8 CVSS | 5.6 AI score | 0.0146 EPSS
Exploits 0 | References 1

FreeBSD
added 2017/08/09 12:0 a.m. | 33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...

8.8 CVSS | 7.6 AI score | 0.02149 EPSS
Exploits 0 | References 1

OpenVAS
added 2017/08/09 12:0 a.m. | 26 views

Debian: Security Advisory (DSA-3928-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 8.1 AI score | 0.04187 EPSS
Exploits 13 | References 3

Prion
added 2017/08/08 9:29 p.m. | 15 views

Security feature bypass

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability"...

5.8 CVSS | 5.5 AI score | 0.0146 EPSS
Exploits 0 | References 3

Cvelist
added 2017/08/08 9:0 p.m. | 21 views

CVE-2017-8650

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability"...

6.7 AI score | 0.0146 EPSS
Exploits 0 | References 3

Microsoft CVE
added 2017/08/08 7:0 a.m. | 22 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

5.8 CVSS | 1.3 AI score | 0.0146 EPSS
Exploits 0

Mozilla
added 2017/08/08 12:0 a.m. | 520 views

Security vulnerabilities fixed in Firefox ESR 52.3 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...

9.8 CVSS | 9.7 AI score | 0.04187 EPSS
Exploits 7 | References 17 | Affected Software 1

Mozilla
added 2017/08/08 12:0 a.m. | 540 views

Security vulnerabilities fixed in Firefox 55 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...

9.8 CVSS | 10 AI score | 0.04187 EPSS
Exploits 7 | References 29 | Affected Software 1

ALT Linux
added 2017/08/08 12:0 a.m. | 31 views

Security fix for the ALT Linux 10 package firefox-esr version 52.3.0-alt1

Aug. 8, 2017 Andrey Cherepanov 52.3.0-alt1 - New ESR version 52.3.0 - Security fixes: + CVE-2017-7798: XUL injection in the style editor in devtools + CVE-2017-7800: Use-after-free in WebSockets during disconnection + CVE-2017-7801: Use-after-free with marquee during window resizing +...

10 CVSS | 8.5 AI score | 0.04187 EPSS
Exploits 14

Nmap
added 2017/08/07 6:16 p.m. | 694 views

http-jsonp-detection NSE Script

Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. The script searches for callback functions in the response to detect JSONP endpoints. It also tries to determine callback function through URLcallback functi...

10 CVSS | 0.3 AI score | 0.99448 EPSS
Exploits 33

Prion
added 2017/08/06 2:29 a.m. | 9 views

Design/Logic Flaw

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do...

9.3 CVSS | 8.3 AI score | 0.06693 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2017/08/06 2:29 a.m. | 1 views

CVE-2017-12581

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do...

8.1 CVSS | 6 AI score | 0.06693 EPSS
Exploits 1 | References 2

NVD
added 2017/08/06 2:29 a.m. | 12 views

CVE-2017-12581

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do...

9.3 CVSS | 8.4 AI score | 0.06693 EPSS
Exploits 1 | References 2

CVE
added 2017/08/06 2:0 a.m. | 73 views

CVE-2017-12581

CVE-2017-12581 affects GitHub Electron before 1.6.8, where a nodeIntegration bypass can bypass the Same Origin Policy and allow remote command execution. A privileged chrome-devtools:// URL could eval Node.js primitives (e.g., child_process.execFile), enabling OS commands on the user’s host. The ...

9.3 CVSS | 8.4 AI score | 0.06693 EPSS
Exploits 1 | References 2 | Affected Software 1