
6903 matches found

Prion
added 2016/08/07 7:59 p.m., 11 views

Design/Logic Flaw

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

6.8 CVSS, 6.5 AI score, 0.01347 EPSS
Exploits: 0, References: 12, Affected Software: 1
CVE
added 2016/08/07 7:0 p.m., 81 views

CVE-2016-5145

Blink vulnerability in CVE-2016-5145 allows a Same Origin Policy bypass: after a structure-clone of an ImageBitmap created from a cross-origin image, a taint property is not preserved, enabling remote JavaScript to exfiltrate or access cross-origin data. Affected software: Google Chrome prior to ...

8.8 CVSS, 8.7 AI score, 0.01347 EPSS
Exploits: 0, References: 12, Affected Software: 1
Cvelist
added 2016/08/07 7:0 p.m., 27 views

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

8.8 AI score, 0.01347 EPSS
Exploits: 0, References: 12
Debian CVE
added 2016/08/07 7:0 p.m., 21 views

CVE-2016-5145

Removed by vendor...

8.8 CVSS, 9.3 AI score, 0.01347 EPSS
Exploits: 0
OSV
added 2016/08/07 6:52 p.m., 4 views

OPENSUSE-SU-2016:1983-1 Security update for Chromium

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...

9.8 CVSS, 8.8 AI score, 0.01849 EPSS
Exploits: 0, References: 18
UbuntuCve
added 2016/08/07 12:0 a.m., 18 views

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

8.8 CVSS, 7.2 AI score, 0.01347 EPSS
Exploits: 0, References: 3
OSV
added 2016/08/07 12:0 a.m., 3 views

UBUNTU-CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

8.8 CVSS, 7.3 AI score, 0.01347 EPSS
Exploits: 0, References: 4
Ubuntu
added 2016/08/05 1:29 p.m., 61 views

USN-3041-1: Oxide vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. CVE-2016-1705 It was discovered...

9.6 CVSS, 7.6 AI score, 0.02481 EPSS
Exploits: 1
OSV
added 2016/08/05 1:29 p.m., 3 views

USN-3041-1 oxide-qt vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. CVE-2016-1705 It was discovered...

9.6 CVSS, 6.9 AI score, 0.02481 EPSS
Exploits: 1, References: 15
NVD
added 2016/08/05 1:59 a.m., 13 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 7.1 AI score, 0.01247 EPSS
Exploits: 0, References: 11
OSV
added 2016/08/05 1:59 a.m., 1 view

DEBIAN-CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 8.3 AI score, 0.01247 EPSS
Exploits: 0, References: 1
OSV
added 2016/08/05 1:59 a.m., 8 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 8.9 AI score
Exploits: 0, References: 11
Prion
added 2016/08/05 1:59 a.m., 29 views

Design/Logic Flaw

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

4 CVSS, 6.1 AI score, 0.01247 EPSS
Exploits: 0, References: 11, Affected Software: 3
OPENSUSE Linux
added 2016/08/05 1:9 a.m., 35 views

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

7.5 CVSS, 9.2 AI score, 0.13335 EPSS
Exploits: 6, References: 5
Cvelist
added 2016/08/05 1:0 a.m., 26 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

7 AI score, 0.01247 EPSS
Exploits: 0, References: 11
CVE
added 2016/08/05 1:0 a.m., 137 views

CVE-2016-5265

CVE-2016-5265 affects Mozilla Firefox and Firefox ESR. The initial description states that Firefox before 48.0 and Firefox ESR 45.x before 45.3 can allow a user-assisted remote attacker to bypass the Same Origin Policy, perform UXSS, or read arbitrary files by placing a crafted HTML document and ...

5.5 CVSS, 6.8 AI score, 0.01247 EPSS
Exploits: 0, References: 11, Affected Software: 1
Debian CVE
added 2016/08/05 1:0 a.m., 29 views

CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5 CVSS, 8.4 AI score, 0.01247 EPSS
Exploits: 0
Tenable Nessus
added 2016/08/05 12:0 a.m., 37 views

Firefox ESR 45.x < 45.3 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR installed on the remote Mac OS X host is 45.x prior to 45.3. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists due to a failure to close connections after requesting favicons. An attacker can exploit this to contin...

9.8 CVSS, 7.3 AI score, 0.04577 EPSS
Exploits: 3, References: 26
CNVD
added 2016/08/05 12:0 a.m., 2 views

Google Chrome Blink bypasses same-origin policy vulnerability

Google Chrome is a web browser developed by Google. A same-origin policy bypass vulnerability exists in Google Chrome Blink. It allows remote attackers to bypass the same-origin policy via specially crafted JavaScript code...

8.8 CVSS, 8.9 AI score, 0.01347 EPSS
Exploits: 0, References: 1
ArchLinux
added 2016/08/05 12:0 a.m., 48 views

firefox: multiple issues

CVE-2016-0718 arbitrary code execution Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 information disclosure Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 arbitrary code execution Mozilla developers and community members...

7.5 CVSS, 0.9 AI score, 0.13335 EPSS
Exploits: 6, References: 22