Design/Logic Flaw

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...

UBUNTU-CVE-2015-1156

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...

Design/Logic Flaw

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...

CVE-2015-1156

CVE-2015-1156 affects WebKit as used by Apple Safari: the page-loading implementation does not correctly handle the rel attribute in an A element, allowing a crafted site to bypass the Same Origin Policy for a link’s target and spoof the user interface. Affected Safari/WebKit versions include bef...

CVE-2015-1156

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...

Apple Safari WebKit bypasses same-origin policy vulnerability (CNVD-2015-02943)

WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. A bypass same-origin policy vulnerability exists in Apple Safari before 6.2.6, 7.1.6 before 7.x,8.0.6 before 8.x using WebKit's history implementation, which allows remote attackers to bypass the...

Apple Safari WebKit bypasses same-origin policy vulnerability (CNVD-2015-02944)

WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. Apple Safari before 6.2.6, 7.1.6 before 7.x,8.0.6 before 8.x versions using WebKit's page-loading implementation suffers from a bypassing the same-origin policy vulnerability that stems from its...

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...

CVE-2015-1155

CVE-2015-1155 - WebKit history implementation flaw allows remote attackers to bypass Same Origin Policy and read arbitrary files via a crafted site. Affected: WebKit used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6. Remediation: apply the vendor patches that fix the histo...

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...

UBUNTU-CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...

Mozilla Firefox < 37.0 Multiple Vulnerabilities

Binary data 8742.prm...

Debian DSA-3238-1 : chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...

Ubuntu: Security Advisory (USN-2570-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

USN-2570-1: Oxide vulnerabilities

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...

USN-2570-1 oxide-qt vulnerabilities

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...

[SECURITY] [DSA 3238-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 3238-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free iss...

DSA-3238-1 chromium-browser - security update

Bulletin has no description...