Tavis Ormandy Discloses Comodo GeekBuddy VNC Server

Just when you thought it was safe to dive back into the Comodo waters, Google researcher Tavis Ormandy has surfaced with more trouble. Publicly disclosed yesterday on the Google Project Zero site, Ormandy said that a tech support application called GeekBuddy installed with Comodo Internet Securit...

Google Chrome < 48.0.2564.109 Multiple Vulnerabilities

Binary data 9083.pasl...

Ubuntu: Security Advisory (USN-2895-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : chromium -- same origin bypass (368993bb-d685-11e5-8858-00262d5ed8ee)

Google Chrome Releases reports : 583431 Critical CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. Credit to anonymous. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database...

CVE-2016-0069

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068...

CVE-2016-0069

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068...

CVE-2016-0068

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069...

CVE-2016-0068

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069...

Privilege escalation

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069...

Privilege escalation

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068...

CVE-2016-0069

CVE-2016-0069 corresponds to Internet Explorer cross-domain policy bypass (Same Origin Policy bypass) affecting IE 9–11. Connected sources indicate the flaw enables information disclosure via cross-domain policy bypass, with MS16-009 addressing the issue. The vulnerability is described as an elev...

CVE-2016-0068

CVE-2016-0068 affects Microsoft Internet Explorer 9–11. It describes a cross-domain policy bypass vulnerability that could allow remote attackers to bypass the Same Origin Policy via unspecified vectors, potentially enabling information access across domains. The related JVN entries indicate the ...

CVE-2016-0069

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068...

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-01144)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 44.0.2, which stems from a failure of the program to properly restrict interactions between Service Workers and plugins. The...

Ebay Cross Site Scripting

Hello all, Description: Persistent DOM based Cross Site Scripting on ebay.com domain. Disclosed to Ebay: January 2015 Fixed: February 2016 Vulnerability location: Every listing Who are able to create: Sellers Same origin policy bypass via postMessage Write-up:...

KLA10760 Security bypass vulnerabilities in Google Chrome

An unspecified vulnerability was found in Google Chrome. By exploiting this vulnerability malicious users can bypass same origin policy and sandbox mechanism protection. This vulnerability can be exploited remotely via an unknown vectors. Original advisories Google Chrome releases blog Related...

chromium -- same origin bypass

Google Chrome Releases reports: 583431 Critical CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. Credit to anonymous...

openSUSE Security Update : MozillaFirefox (openSUSE-2016-223)

This update for MozillaFirefox fixes the following issues : - update to Firefox 44.0.2 - MFSA 2016-13/CVE-2016-1949 bmo1245724, boo966438 Same-origin-policy violation using Service Workers with plugins - Fix issue which could lead to the removal of stored passwords under certain circumstances...

chromium-browser: same-origin bypass in DOM

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...

chromium-browser: same-origin bypass in Extensions

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...