CVE-2018-18499

CVE-2018-18499 is a same-origin policy vulnerability in Mozilla Firefox and Thunderbird where a page using a meta http-equiv="refresh" redirects to another site and allows theft of cross-origin URL entries via performance.getEntries(). Affected: Firefox < 62, Firefox ESR < 60.2, Thunderbird

CVE-2018-18499

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVE-2018-18494

CVE-2018-18494 is a same-origin policy violation in Thunderbird/Firefox components caused by using the location property with performance.getEntries to steal cross-origin URL entries. Affected: Thunderbird < 60.4, Firefox ESR < 60.4, Firefox

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251)

This update for MozillaThunderbird to version 60.5.1 fixes the following issues : Security vulnerabilities addressed MSFA 2019-03 MSFA 2018-31 MFSA 2019-06 bsc1122983 bsc1119105 bsc1125330 : - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. -...

Ubuntu: Security Advisory (USN-3896-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3896-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code...

USN-3896-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:0249-1 Rating: important References: 1122983 1125330 Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494...

MyBB 1.6.x ChangUonDyU Chatbox 3.6.0 Cross Site Scripting

Exploit Title : MyBB 1.6.x ChangUonDyU Chatbox Plugins 3.6.0 Cross Site Scripting Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : mybb.com Software Download Link : destek.mybb.com.tr/attachment.php?aid=742 Software Information Links ...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

DEBIAN-CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

Input validation

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

UBUNTU-CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

CVE-2019-5773

CVE-2019-5773 : Insufficient origin validation in IndexedDB in Google Chrome before 72.0.3626.81 allows a remote attacker who compromised the renderer process to bypass the same-origin policy via a crafted HTML page. Affected product/version: Google Chrome (IndexedDB). Root cause: origin validati...

CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page...

Sails before 0.12.7 vulnerable to Broken CORS

Affected versions of sails have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This may allow an attacker to make AJAX requests to vulnerable hosts through cross-site scripting or a malicious HTML...