6905 matches found
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
Cross-site reading attack through data and view-source URIs — Mozilla
Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files...
Cross-origin information leak through web workers error events — Mozilla
Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites...
Same-origin policy violation using performance.getEntries and history navigation — Mozilla
Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of...
Debian: Security Advisory (DSA-3422-1)
The remote host is missing an update for the Debian...
firefox: multiple issues
CVE-2015-7201, CVE-2015-7202: arbitrary code execution. Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5; MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects; MFSA 2015-136 Same-origin policy violation using performance.getEntries and history navigation; MFSA 2015-137 Firefox allows...
UBUNTU-CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2825-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2825-1 advisory. Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafte...
CentOS Update for thunderbird CESA-2015:2519 centos6
Check the version of thunderbird. Script OID: 1.3.6.1.4.1.25623.1.0.882330...
CentOS Update for thunderbird CESA-2015:2519 centos5
Check the version of thunderbird. Script OID: 1.3.6.1.4.1.25623.1.0.882331...
USN-2825-1: Oxide vulnerabilities
Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the...
[SECURITY] [DSA 3415-1] chromium-browser security update
Debian Security Advisory DSA-3415-1; https://www.debian.org/security/; Michael Gilbert; December 09, 2015; https://www.debian.org/security/faq...
Debian DSA-3415-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library. - CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 JavaScript library. - CVE-2015-6765 A use-after-free issue was...
Cross site scripting
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability."...
CVE-2015-6164
CVE-2015-6164 affects Microsoft Internet Explorer 9–11. The issue is an improper implementation of the XSS Filter, allowing remote attackers to bypass the Same Origin Policy via a crafted web page. This is described as an XSS Filter Bypass vulnerability. Connected sources indicate public exploits...
Google Chrome DOM Same-Origin Policy Bypass Vulnerability
No description provided by source...
Debian Security Advisory DSA 3415-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library. CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2015-6765 A use-after-free issue was discovered in...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2015-07960)
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the implementation of the professional-load commit in the WebKit/Source/bindings/core/v8/WindowProxy.cpp file in versions of Google Chrome prior to 47.0.2526.73. A remote attacker ca...