6987 matches found
Firefox < 33.0 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is a version prior to 33.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...
Android Browser in Android < 4.4 Same Origin Policy Bypass
Binary data 8543.prm...
CVE-2014-1583
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
Accessing cross-origin objects via the Alarms API — Mozilla
Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy...
UBUNTU-CVE-2014-1583
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
Second Same-Origin Policy Bypass Flaw Haunts Android Browser
There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user’s browser. Google has fixed the vulnerability in some versions of Android, but millions of users of older versions are still affected. The...
Debian Security Advisory DSA 3039-1 (chromium-browser - security update)
Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...
Debian DSA-3039-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. - CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...
[SECURITY] [DSA 3039-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3039-1 [email protected] http://www.debian.org/security/ Michael Gilbert September 28, 2014 http://www.debian.org/security/faq -...
DSA-3039-1 chromium-browser - security update
Bulletin has no description...
CVE-2014-5318
The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
Code injection
The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2014-5318
The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2014-5318
The CVE-2014-5318 issue affects jigbrowser+ for iOS (versions 1.8.1 and earlier). A flaw in how the app loads web pages allows remote attackers to bypass the Same Origin Policy by injecting crafted JavaScript, enabling access to data across different domains. Affected component: the iOS web loadi...
jigbrowser+ for iOS same origin policy bypass
Overview jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#80531230: jigbrowser+ for iOS same origin policy bypass
jigbrowser+ for iOS contains a flaw in loading web pages, which may allow an attacker to bypass the same origin policy. Impact By using JavaScript, an attacker may obtain sensitive data from a different domain in violation of the same origin policy. Solution Update the Software Update to the late...
Updated flash-player-plugin packages fix multiple security vulnerabilities
Adobe Flash Player 11.2.202.406 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves memory leakage vulnerabilities that could be used to bypass memory address...
Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)
A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...
Android browser serious bug affecting half of Android users-vulnerability warning-the black bar safety net
Open source Android browser is found a affect half of Android users of a serious bug, which could allow a malicious web site injection JS script to access other site content, such as read passwords and cookies and other sensitive data. The browser will usually be designed to prevent a site script...
New Android Browser Vulnerability Is a “Privacy Disaster” for 70% Of Android Users
A Serious vulnerability has been discovered in the Web browser installed by default on a large number Approximately 70% of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploi...