6939 matches found
CVE-2015-1210
Removed by vendor...
Microsoft Internet Explorer Same Origin Policy Security Bypass Vulnerability
Internet Explorer is a web browser from Microsoft. A security bypass vulnerability exists in the Microsoft Internet Explorer homology policy, which can be exploited by an attacker to bypass the homology policy and certain access restrictions to access data...
CVE-2015-1210
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...
UBUNTU-CVE-2015-1210
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...
XSS Vulnerability in IE Could Lead to Phishing Attacks
Microsoft is aware of a recently disclosed bug in its latest browser, Internet Explorer 11, and is developing a patch for the issue. The vulnerability, a universal cross-site scripting XSS bug, could be exploited to steal information or inject code into domains on the browser on Windows 7 and 8.1...
Microsoft Internet Explorer Universal Cross-Site Scripting Flaw
A serious vulnerability has been discovered in all the latest versions of Microsoft's Internet Explorer that allows malicious hackers to inject malicious code into users' websites and steal cookies, session and login credentials. UNIVERSAL XSS BUG WITH SAME ORIGIN POLICY BYPASS The vulnerability ...
Microsoft Internet Explorer Homology Bypass Vulnerability
Internet Explorer is a web browser from Microsoft. Internet Explorer 11 suffers from a same-origin policy bypass vulnerability, which can be exploited by an attacker to bypass the same-origin policy and gain access to the content of other arbitrary web domains, or execute malicious code to be...
Internet Explorer Same Origin Policy Bypass (CVE-2015-0072)
A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in the disclosure of information about other web pages opened by...
Internet Explorer 11 Same Origin Bypass
insider3show insider3show function go w=window.frames0; w.setTimeout"alerteval'x=top.frames1;r=confirm\'Close this window after 3...
chromium-browser: same-origin-bypass in V8
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...
Google Chrome V8 Same Origin Bypass Vulnerability
Google Chrome is a popular WEB browser. A security vulnerability in Google Chrome V8 Harmony proxy allows attackers to bypass the same-origin policy by calling JavaScript code via specially crafted Proxy.create and console.log...
CVE-2014-7939
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...
Design/Logic Flaw
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...
CVE-2014-7939
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...
UBUNTU-CVE-2014-7939
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...
CVE-2014-7939
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...
CVE-2014-7939
CVE-2014-7939 affects Google Chrome before 40.0.2214.91, where the Harmony proxy in V8 can bypass the Same Origin Policy via crafted JavaScript using Proxy.create and console.log, related to HTTP responses missing X-Content-Type-Options: nosniff. Affected component is Chrome’s V8/Chromium stack; ...
CVE-2014-7939
Removed by vendor...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3)
The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assiste...