Design/Logic Flaw
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayerandroid.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video...
CVE-2014-3161
The CVE-2014-3161 entry corresponds to a vulnerability in Google Chrome for Android prior to 36.0.1985.122, where WebMediaPlayerAndroid::load did not properly handle redirects, allowing remote attackers to bypass the Same Origin Policy via a crafted site hosting a video stream. This is supported ...
CVE-2014-3160
CVE-2014-3160 affects Chromium/Blink: the ResourceFetcher::canRequest logic allowed subresource SVG requests to bypass Same Origin Policy. This is a remote-origin bypass via crafted SVG files in Chrome prior to 36.0.1985.125. Public advisories (Debian, openSUSE, Gentoo, Ubuntu) document the issue...
CVE-2014-3161
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayerandroid.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video...
CVE-2014-3160
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...
CVE-2014-3160
Removed by vendor...
CVE-2014-3160
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...
FreeBSD : chromium -- multiple vulnerabilities (3718833e-0d27-11e4-89db-000c6e25e3e9)
Google Chrome Releases reports: 26 security fixes in this release, including - 380885 Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. - 393765 CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives. Tenable...
Chrome for Android Update Patches URL Spoofing Bug
The latest update to Chrome on Android – pushed yesterday – fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site. The problem, marked high priority by Google, was discovered by Japanese app developer Keita Haga. The...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 26 security fixes in this release, including 380885 Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. 393765 CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives...
Stable Channel Update
The Chrome Team is excited to announce the promotion of Chrome 36 to the Stable channel for Windows, Mac and Linux. Chrome 36.0.1985.125 contains a number of fixes and improvements, including: Rich Notifications Improvements An Updated Incognito / Guest NTP design The addition of a Browser crash...
MS KB2974008: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
The remote host is missing KB2974008. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 - Multiple unspecified errors exist that could allow unspecified security bypass...
Flash Player for Mac <= 14.0.0.125 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 14.0.0.125. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data...
PT-2014-1372 · Adobe +4 · Flash Player +6
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 13.0.0.231 Adobe Flash Player versions 14.x prior to 14.0.0.145 Adobe AIR versions prior to 14.0.0.137 Adobe AIR SDK versions prior to 14.0.0.137 Adobe AIR SDK & Compiler versions prior to 14.0.0.137 hapi...
Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 -...
WebKit 'parent/top' Cross Domain Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attac...
Mozilla Firefox <= 3.0.3 Internet Shortcut Same Origin Policy Violation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31611/info Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling...
WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this vulnerability to bypas...
Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability
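... Opera is a web browser developed and maintained by Opera Software; it can be used on Linux and Unix operating systems as well as on Microsoft Windows. ... Opera has a vulnerability in its handling of the browser same-origin policy that can allow a remote attacker to execute script code in a different frame of the user's browser. ... Opera allows JavaScript to modify the Location property of an IFRAME or FRAME contained in a document; if the Location of an IFRAME or FRAME is set to JavaScript:...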
Microsoft Internet Explorer 5 Dialog Same Origin Policy Bypass Variant Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5561/info Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and...