chromium-browser: Site isolation bypass

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

chromium-browser: SameSite cookie bypass

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

[ASA-201910-15] thunderbird: multiple issues

Arch Linux Security Advisory ASA-201910-15 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Package : thunderbird Type : multiple issues...

[ASA-201910-16] firefox: multiple issues

Arch Linux Security Advisory ASA-201910-16 ========================================== Severity: Critical Date : 2019-10-26 CVE-ID : CVE-2018-6156 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-11765 CVE-2019-15903 CVE-2019-17000...

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

USN-4165-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting XSS attacks,...

CVE-2019-13682

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

AutoPi.io AutoPi Wi-Fi/NB and AutoPi 4G/LTE Brute Force Attack Vulnerabilities

AutoPi.io AutoPi Wi-Fi/NB and AutoPi 4G/LTE are both encrypted devices from the Danish company AutoPi.io. A security vulnerability exists in AutoPi.io AutoPi Wi-Fi/NB and AutoPi 4G/LTE versions prior to 2019-10-15, which stems from the fact that the default WiFi and WiFi SSIDs are both derived fr...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0190)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerabilit...

Security fix for the ALT Linux 10 package thunderbird version 68.1.2-alt1

Oct. 13, 2019 Andrey Cherepanov 68.1.2-alt1 - New version 68.1.2. - Fixed: + CVE-2019-11739 Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea...

CVE-2019-8069

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...

CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information...

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

USN-4122-2: Firefox regression

USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered i...

WebKit FrameLoader::clear Same-Origin Policy Bypass

WebKit: Same-Origin Policy bypass in FrameLoader::clear VULNERABILITY DETAILS void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; // 1 mneedsClear = false; if...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2248)

This update for MozillaThunderbird to version 68.1.1 fixes the following issues : - CVE-2019-11709: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11710: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2249)

This update for MozillaThunderbird to version 68.1.1 fixes the following issues : - CVE-2019-11709: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11710: Fixed several memory safety bugs. bsc1140868 - CVE-2019-11711: Fixed a script injection within domain through inner window reuse...

openSUSE Security Update : MozillaFirefox (openSUSE-2019-2251)

This update for MozillaFirefox to 68.1 fixes the following issues : Security issues fixed : - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. bsc1140868 - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. bsc1149294 - CVE-2019-11710: Fixed several memo...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:2251-1 Rating: important References: 1109465 1117473 1123482 1124525 1133810 1138688 1140868 1141322 1145665 1149292 1149293 1149294 1149295 1149296 1149297 1149298 1149299 1149302 1149303 1149304 11493...