6987 matches found
Character encoding cross-origin XSS attack — Mozilla
Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encodings across navigations into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue...
Use the csrf vulnerability to upload files-the vulnerability warning-the black bar safety net
Everyone knows that the commonly used csrf to upload a file is not very simple. The problem is that we create a fake form submission data with browser file upload to submit the data a little different. That is the upload request will have a filename parameter: -----------------------------2 5 6 6...
Updated iceape packages fix many vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service memory...
CVE-2013-3908
Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosu...
Information disclosure
Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosu...
CVE-2013-3908
Technical details about CVE-2013-3908 are not publicly disclosed in the provided documents. Monitor for updates from connected sources for affected products, root cause, impact, and available fixes.
easyXDM 2.4.16 Cross Site Scripting
Affected products ================= easyXDM library = 2.4.16 - http://easyxdm.net/wp/ easyXDM is a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript APIs acro...
Firefox For Android Same-Origin Bypass
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting XSS attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. CVE Number: CVE-2013-1727 Vender...
FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)
The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...
Firefox for Android - Same-origin bypass through symbolic links
CVE Number: CVE-2013-1727 Vender Identifier: MFSA 2013-84 Title: Firefox for Android - Same-origin bypass through symbolic links Affected Software: Prior to v24 confirmed on v14 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v24 was released which fixes this...
Firefox For Android Same-Origin Bypass
CVE Number: CVE-2013-1727 Vender Identifier: MFSA 2013-84 Title: Firefox for Android - Same-origin bypass through symbolic links Affected Software: Prior to v24 confirmed on v14 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v24 was released which fixes this...
CVE-2013-5159
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element...
Design/Logic Flaw
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element...
CVE-2013-5159
The CVE-2013-5159 entry concerns WebKit in Apple iOS prior to 7, where a vulnerability allowed a remote attacker to bypass the Same Origin Policy via an iframe and infer use of the window.webkitRequestAnimationFrame API, potentially exposing information about page behavior. Affected component: We...
CVE-2013-5159
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element...
CVE-2013-1727
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting XSS attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...
Cross site scripting
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting XSS attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...
CVE-2013-1727
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting XSS attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...
CVE-2013-1727
CVE-2013-1727 affects Mozilla Firefox on Android prior to 24.0, where a symlink/URL trick can bypass the Same-Origin Policy for local files (file: URLs). This enables potential cross‑site scripting (XSS) and access to sensitive data such as cookies or passwords if a local file is involved. The is...
Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass
Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass source: https://www.securityfocus.com/bid/62480/info Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute...