Lucene search

6987 matches found

Mozilla
added 2014/02/04 12:0 a.m., 39 views

Information disclosure with *FromPoint on iframes — Mozilla

Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating same-origin policy...

CVSS 5, AI score 8.9, EPSS 0.02467
Exploits 0, References 2, Affected Software 2

UbuntuCve
added 2014/02/04 12:0 a.m., 30 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

CVSS 7.5, AI score 6.9, EPSS 0.02335
Exploits 1, References 5

securityvulns
added 2014/02/03 12:0 a.m., 68 views

Security Vulnerabilities in Apache Cordova / PhoneGap

The following email was sent to Apache Cordova/PhoneGap on 12/13/2013, and again on 1/17/2014. As there has been no response, we are re-posting it here to alert the general public of the inherent vulnerabilities in Apache Cordova/PhoneGap. Dear PhoneGap contributors, PhoneGap’s domain whitelistin...

AI score 0.2
Exploits 0

NVD
added 2014/01/05 8:55 p.m., 16 views

CVE-2012-2899

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method...

CVSS 4.3, AI score 5.4, EPSS 0.00813
Exploits 0, References 2

UbuntuCve
added 2014/01/05 8:55 p.m., 30 views

CVE-2012-2899

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method...

CVSS 4.3, AI score 5.9, EPSS 0.00813
Exploits 0, References 3

Prion
added 2014/01/05 8:55 p.m., 21 views

Design/Logic Flaw

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method...

CVSS 4.3, AI score 5.8, EPSS 0.00813
Exploits 0, References 2, Affected Software 1

CVE
added 2014/01/05 8:0 p.m., 52 views

CVE-2012-2899

Summary: CVE-2012-2899 affects Google Chrome on iOS prior to 21.0.1180.82. The issue arises from incorrect calls to WebView methods that enable an applewebdata: URL, bypassing the Same Origin Policy and enabling Universal XSS (UXSS) via document.write. Impact: SOP bypass and UXSS risk on affected...

CVSS 4.3, AI score 5.5, EPSS 0.00813
Exploits 0, References 2, Affected Software 1

Debian CVE
added 2014/01/05 8:0 p.m., 24 views

CVE-2012-2899

Removed by vendor...

CVSS 4.3, AI score 7, EPSS 0.00813
Exploits 0

NVD
added 2013/12/18 4:4 p.m., 16 views

CVE-2013-5227

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields...

CVSS 6.4, AI score 6.2, EPSS 0.02259
Exploits 1, References 6

Prion
added 2013/12/18 4:4 p.m., 20 views

Design/Logic Flaw

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields...

CVSS 6.4, AI score 6.7, EPSS 0.02259
Exploits 1, References 6, Affected Software 1

CVE
added 2013/12/18 11:0 a.m., 67 views

CVE-2013-5227

CVE-2013-5227 (Safari autofill origin tracking) affects Apple Safari, where remote attackers could bypass Same Origin Policy and discover credentials by triggering autofill of subframe form fields. The vulnerability is described as: Safari may autofill user names and passwords into a subframe fro...

CVSS 6.4, AI score 6.2, EPSS 0.02259
Exploits 1, References 6, Affected Software 1

Cvelist
added 2013/12/18 11:0 a.m., 26 views

CVE-2013-5227

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields...

AI score 6.2, EPSS 0.02259
Exploits 1, References 6

Packet Storm
added 2013/12/12 12:0 a.m., 27 views

Vatican Web Site Cross Site Scripting

Official Vatican web site Cross Site Scripting Time Line Vulnerability No one has responded to multiple security advisories sent to Vatican Title: Official Vatican web site Cross Site Scripting Vendor: http://vatican.va...

AI score 7.4
Exploits 0

NVD
added 2013/12/11 3:55 p.m., 15 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 8, EPSS 0.03402
Exploits 1, References 16

ATTACKERKB
added 2013/12/11 3:55 p.m., 3 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 5.7, EPSS 0.03402
Exploits 1, References 17

Prion
added 2013/12/11 3:55 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 6, EPSS 0.03402
Exploits 1, References 16, Affected Software 16

Cvelist
added 2013/12/11 3:0 p.m., 19 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

AI score 7.9, EPSS 0.03402
Exploits 1, References 16

CVE
added 2013/12/11 3:0 p.m., 131 views

CVE-2013-5612

CVE-2013-5612 is a cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 due to the absence of a charset parameter in the Content-Type header. Connected advisories confirm Firefox/SeaMonkey fixes in 2013–2014 releases (e.g., openSUSE SU-2013:1917, Mirac...

CVSS 4.3, AI score 7.7, EPSS 0.03402
Exploits 1, References 16, Affected Software 2

RedHat Linux
added 2013/12/11 5:26 a.m., 21 views

Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 7, EPSS 0.03402
Exploits 1, References 5

UbuntuCve
added 2013/12/11 12:0 a.m., 29 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

CVSS 4.3, AI score 6.9, EPSS 0.03402
Exploits 1, References 3