Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
Design/Logic Flaw
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...
Information disclosure
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
Design/Logic Flaw
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
CVE-2015-7207
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
CVE-2015-7214
CVE-2015-7214 affects Mozilla Firefox before 43.0 and Firefox ESR before 38.5. A cross-site read bypass of the Same Origin Policy is possible via data: and view-source: URIs, allowing an attacker to read data from cross-site URLs and local files. Connected sources confirm the bypass vector and in...
CVE-2015-7215
CVE-2015-7215 affects Mozilla Firefox before 43.0 (and ESR 38.x) via the Web Workers importScripts implementation. The underlying issue is that triggering no-cors fetch via importScripts can bypass the Same Origin Policy, leading to information disclosure after a rethrow. Impact reported across m...
CVE-2015-7207
CVE-2015-7207 affects Mozilla Firefox before 43.0. The vulnerability arises because the IFRAME Resource Timing API times are not properly restricted, allowing a remote attacker to bypass the Same Origin Policy and exfiltrate data via crafted JavaScript that uses history.back and performance.getEn...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...
FreeBSD : mozilla -- multiple vulnerabilities (2c2d1c39-1396-459a-91f5-ca03ee7c64c6)
The Mozilla Project reports : MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using performance.getEntries and history navigation MFSA 2015-137 Firefox allows...
Debian Security Advisory DSA 3422-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian...
USN-2833-1 firefox vulnerabilities
Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit...
UBUNTU-CVE-2015-7207
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...
Debian: Security Advisory (DSA-3422-1)
The remote host is missing an update for the Debian...
Cross-site reading attack through data and view-source URIs — Mozilla
Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files...