362 matches found
UBUNTU-CVE-2020-6824
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwor...
Fedora 31 : webkit2gtk3 (2020-f25793aac4)
Update to WebKitGTK 2.28.0. - Add API to enable Process Swap on Cross-site Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox...
Fedora 30 : webkit2gtk3 (2020-f3fa778924)
Update to WebKitGTK 2.28.0. - Add API to enable Process Swap on Cross-site Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox...
December 10, 2019-KB4532999 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
December 10, 2019-KB4532999 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: December 10, 2019 Version: .NET Framework 4.8 The December 10, 2019 update for Windows 10 Version 1709 includes cumulative reliability improvements in .NET 4.8. We recommend that you app...
December 10, 2019-KB4532998 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
December 10, 2019-KB4532998 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: December 10, 2019 Version: .NET Framework 4.8 The December 10, 2019 update for Windows 10 Version 1703 includes cumulative reliability improvements in .NET 4.8. We recommend that you app...
December 10, 2019-KB4532997 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016
December 10, 2019-KB4532997 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: December 10, 2019 Version: .NET Framework 4.8 The December 10, 2019 update for Windows 10 version 1607 and Windows Server 2016 includes cumulative reliability...
DRIVE.NET, Inc.: Same site Scripting
Same site scripting I have found an error of some misconfigured DNS in a subdomain of yours which causes same site scripting. PoC 1 Open a terminal and type ping localhost.drive2.ru You would see that it resolves back to 127.0.0.1 A screenshot has been attached Impact This may cause security issu...
The vulnerability of the Firefox browser’s Reader View function, which allows a hacker to execute arbitrary code.
The vulnerability of the Firefox Browser’s Reader View function is related to errors in processing cookie files with the SameSite attribute. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
chromium-browser: SameSite cookie bypass
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Microsoft Edge and Microsoft Internet Explorer Security Bypass Vulnerability
Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...
Microsoft Browsers Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploit...
KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update
The remote Windows host is missing security update 4489885 or cumulative update 4489878. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting fores...
KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update
The remote Windows host is missing security update 4489883 or cumulative update 4489881. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully...
CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...
chromium-browser: Insufficient policy enforcement in Navigation
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...
CVE-2018-12370
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...
Mail.ru: DNS Misconfiguration
Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...
CVE-2016-6798
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
U.S. Dept Of Defense: DNS Misconfiguration
Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...