6903 matches found
UBUNTU-CVE-2016-5173
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
CVE-2016-5173
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
CVE-2016-5173
Removed by vendor...
CVE-2016-5173
CVE-2016-5173 affects the Chromium/Google Chrome extensions subsystem, where access to Object.prototype was not properly restricted. This allowed a remote attacker to load unintended resources and trigger unintended JavaScript calls, bypassing the Same Origin Policy via an indirect interception a...
Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-08178)
Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of segment identifiers in the SRC attribute of the IFRAME element allows remote attackers to build malicious web pages that can be exploited to trick users into parsing them, which can be used to bypass t...
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
Authorization
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
CVE-2016-5283
Mozilla Firefox contains CVE-2016-5283: a cross-origin data disclosure via an iframe SRC fragment timing attack that can reveal cross-origin data after a document resize, effectively bypassing parts of the Same Origin Policy. The root cause is a timing-based leakage through fragment handling. Ex...
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
UBUNTU-CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
chromium-browser: extension resource access
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
FreeBSD : chromium -- multiple vulnerabilities (958b9cee-79da-11e6-bf75-3065ec8fd3ec)
Google Chrome Releases reports : 10 security fixes in this release, including : - 629542 High CVE-2016-5141 Address bar spoofing. Credit to anonymous - 626948 High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous - 625541 High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of...
CVE-2016-5173
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1057)
This update for MozillaThunderbird fixes the following issues : - update to Thunderbird 45.3.0 boo991809 - Disposition-Notification-To could not be used in mail.compose.other.header - 'edit as new message' on a received message pre-filled the sender as the composing identity. - Certain messages...
Chrome < 52.0.2743.82 Multiple Vulnerabilities
Binary data 802027.prm...
Android security WebViewUXSS vulnerability-vulnerability warning-the black bar safety net
0X01 introduction XSSis more familiar to us of an attack, including storage-typeXSS, a reflective-typeXSS, DOM XSS, etc., but UXSSuniversal typeXSSin addition, a different vulnerability types, mainly reflected in the vulnerability of the carrier and sphere of influence. XSSthe problem stems from ...
Google Chrome < 52.0.2743.116 Multiple Vulnerabilities
Binary data 9490.pasl...