6906 matches found

RedHat Linux
added 2015/09/03 4:6 p.m. | 2 views

chromium-browser: Cross-origin bypass in ServiceWorker

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

CVSS 5 | AI score 7.4 | EPSS 0.0157
Exploits: 1 | References: 5

UbuntuCve
added 2015/09/02 12:0 a.m. | 25 views

CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

CVSS 5 | AI score 7.2 | EPSS 0.0157
Exploits: 1 | References: 3

UbuntuCve
added 2015/09/02 12:0 a.m. | 34 views

CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.01539
Exploits: 1 | References: 3

UbuntuCve
added 2015/09/02 12:0 a.m. | 22 views

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...

CVSS 6.4 | AI score 7.2 | EPSS 0.01714
Exploits: 0 | References: 3

OSV
added 2015/09/02 12:0 a.m. | 3 views

UBUNTU-CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 7.5 | AI score 7.3 | EPSS 0.01539
Exploits: 1 | References: 4

OSV
added 2015/09/02 12:0 a.m. | 1 views

UBUNTU-CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

CVSS 5 | AI score 7.3 | EPSS 0.0157
Exploits: 1 | References: 4

OSV
added 2015/09/01 5:33 p.m. | 6 views

SUSE-SU-2015:1476-1 Security update for MozillaFirefox, mozilla-nss

Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non-critical security vulnerabilities. Firefox was updated to 38.2.1 ESR bsc943608 MFSA 2015-94/CVE-2015-4497 bsc943557 Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 bsc943558...

CVSS 10 | AI score 9.2 | EPSS 0.70226
Exploits: 8 | References: 21

seebug.org
added 2015/09/01 12:0 a.m. | 44 views

Firefox < 39.0.3 - pdf.js Same Origin Policy Exploit

CVE-2015-4495 Description: This exploit allows an attacker to read and copy information on the victim's computer once they view the web site crafted with this exploit. //exploit.js: var starttimeout=2000; var sandboxcontexti=null; var DIRCACHE=; var FILECACHE=; var hidden=true; var mywinid=null; function...

CVSS 4.3 | AI score 7.1 | EPSS 0.70226
Exploits: 8

Exploit DB
added 2015/08/19 12:0 a.m. | 31 views

Flash Boundless Tunes - Universal SOP Bypass Through ActionScript's Sound Object

Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for https://code.google.com/p/chromium/issues/detail?id=481639 --- An instance of ActionScript's Sound class allows for...

AI score 7.4
Exploits: 0

CNVD
added 2015/08/19 12:0 a.m. | 2 views

Mozilla Firefox JSON Parsing Same Origin Policy Bypass Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox suffers from a security vulnerability when parsing JSON, which allows remote attackers to construct malicious web pages and trick users into parsing them, redefine non-configurable attributes on JavaScript objects, and bypass the...

CVSS 5 | AI score 8.8 | EPSS 0.03366
Exploits: 0 | References: 1

exploitpack
added 2015/08/19 12:0 a.m. | 15 views

Flash Boundless Tunes - Universal SOP Bypass Through ActionScript's Sound Object

Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for...

AI score 0.1
Exploits: 0

NVD
added 2015/08/16 11:59 p.m. | 19 views

CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5 | AI score 6.8 | EPSS 0.02655
Exploits: 0 | References: 6

UbuntuCve
added 2015/08/16 11:59 p.m. | 23 views

CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5 | AI score 7.2 | EPSS 0.02655
Exploits: 0 | References: 5

Prion
added 2015/08/16 11:59 p.m. | 16 views

Design/Logic Flaw

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5 | AI score 6.1 | EPSS 0.02655
Exploits: 0 | References: 6 | Affected Software: 2

OSV
added 2015/08/16 11:59 p.m. | 8 views

UBUNTU-CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5 | AI score 7.2 | EPSS 0.02655
Exploits: 0 | References: 6

CVE
added 2015/08/16 11:0 p.m. | 62 views

CVE-2015-3753

CVE-2015-3753 affects WebKit used in Apple Safari (before 6.2.8, before 7.1.8 for 7.x, and before 8.0.8 for 8.x; on iOS prior to 8.4.1). The root cause is improper taint checking for CANVAS elements, which could allow remote attackers to bypass the Same Origin Policy and exfiltrate sensitive imag...

CVSS 5 | AI score 7.2 | EPSS 0.02655
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2015/08/16 11:0 p.m. | 21 views

CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

AI score 8.2 | EPSS 0.02655
Exploits: 0 | References: 6

NVD
added 2015/08/16 1:59 a.m. | 17 views

CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

CVSS 5 | AI score 9.4 | EPSS 0.03366
Exploits: 0 | References: 17

Prion
added 2015/08/16 1:59 a.m. | 23 views

Design/Logic Flaw

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

CVSS 5 | AI score 6.9 | EPSS 0.03366
Exploits: 0 | References: 17 | Affected Software: 4

CVE
added 2015/08/16 1:0 a.m. | 146 views

CVE-2015-4478

CVE-2015-4478 affects Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2. The issue arises when parsing JSON with JSON.parse and a reviver, which can redefine non-configurable properties on JavaScript objects and bypass the Same Origin Policy. Affected products: Firefox/ESR; root cause:...

CVSS 5 | AI score 6.4 | EPSS 0.03366
Exploits: 0 | References: 17 | Affected Software: 2