Lucene search

8415 matches found

RedHat Linux
added 2018/09/12 11:1 a.m. | 2 views

Mozilla: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.0105
Exploits: 0 | References: 5
PyPA
added 2018/09/10 7:29 p.m. | 6 views

PYSEC-2018-94

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.01173
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2018/09/07 2:29 p.m. | 5 views

CVE-2018-0662

Multiple I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code...

CVSS: 6.8 | AI score: 6 | EPSS: 0.0042
Exploits: 0 | References: 2
CNVD
added 2018/09/07 12:0 a.m. | 2 views

Google Chrome Security Bypass Vulnerability (CNVD-2019-03619)

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout and rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 69.0.3497.81. The vulnerability can be exploited ...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.0078
Exploits: 0 | References: 1
myhack58
added 2018/09/06 12:0 a.m. | 510 views

The use of Microsoft Edge vulnerability to steal local files-bug warning-the black bar safety net

In 2015, Microsoft released the Edge browser. When it was originally developed, it was named Project Spartan. Unlike Internet Explorer, Edge supports a broader range of modern security measures, such as Content Security Policy (CSP), as well as modern JavaScript and CSS properties. Abandon Internet...

AI score: 6.9
Exploits: 0
OpenVAS
added 2018/09/06 12:0 a.m. | 32 views

Mozilla Firefox Security Advisories (MFSA2018-18, MFSA2018-21) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.03357
Exploits: 0 | References: 1
n0where
added 2018/09/05 5:4 p.m. | 37 views

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

Exploits: 0 | References: 4
RedhatCVE
added 2018/09/05 4:24 a.m. | 25 views

CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS: 6.5 | AI score: 3 | EPSS: 0.0078
Exploits: 0 | References: 2
Mozilla
added 2018/09/05 12:0 a.m. | 535 views

Security vulnerabilities fixed in Firefox 62 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.03662
Exploits: 5 | References: 10 | Affected Software: 1
Mozilla
added 2018/09/05 12:0 a.m. | 511 views

Security vulnerabilities fixed in Firefox ESR 60.2 — Mozilla

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when an IndexedDB index is deleted while...

CVSS: 9.8 | AI score: 0.3 | EPSS: 0.03662
Exploits: 4 | References: 7 | Affected Software: 1
UbuntuCve
added 2018/09/03 12:0 a.m. | 31 views

CVE-2018-16413

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.04225
Exploits: 1 | References: 3
Tenable Nessus
added 2018/08/21 12:0 a.m. | 28 views

Mozilla Firefox < 61 Multiple Vulnerabilities

Binary data 700330.prm...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.04831
Exploits: 3 | References: 18
Tenable Nessus
added 2018/08/21 12:0 a.m. | 27 views

Mozilla Firefox < 59 Multiple Vulnerabilities

Binary data 700328.prm...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.12054
Exploits: 2 | References: 21
myhack58
added 2018/08/17 12:0 a.m. | 601 views

See how I found the Yahoo XSSi vulnerability to achieve the user information stealing-vulnerability warning-the black bar safety net

Finding certain categories of vulnerabilities depends on two key factors: awareness of the vulnerability and the difficulty of discovering it. Cross-site script inclusion (XSSi) is not mentioned in the recognized OWASP Top 10 security standard, but it is also no...

AI score: 7.3
Exploits: 0
Veracode
added 2018/08/13 3:0 a.m. | 32 views

Same Origin Policy Bypass

libcurl.so is vulnerable to same origin policy bypass. This is due to the libcurl's cookie parser having no public suffix awareness, which could allow for cookies to be set for arbitrary sites by setting a cookie for a top-level domain...

CVSS: 5 | AI score: 7.3 | EPSS: 0.04876
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2018/08/06 9:29 p.m. | 1 views

DEBIAN-CVE-2017-16653

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony Version =2 does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in ...

CVSS: 5.9 | AI score: 9.5 | EPSS: 0.01472
Exploits: 0 | References: 1
Tenable Nessus
added 2018/08/02 12:0 a.m. | 48 views

RHEL 6 : chromium-browser (RHSA-2018:2282)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2282 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 68.0.3440.75. Security Fixes:...

CVSS: 9.6 | AI score: 8.3 | EPSS: 0.03296
Exploits: 0 | References: 64
OSV
added 2018/07/30 5:29 p.m. | 1 views

DEBIAN-CVE-2018-10847

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.01657
Exploits: 0 | References: 1
RedHat Linux
added 2018/07/30 3:10 p.m. | 3 views

chromium-browser: Cross origin information leak in Blink

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.03137
Exploits: 0 | References: 5
RedHat Linux
added 2018/07/30 3:10 p.m. | 133 views

Important: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS: 9.6 | AI score: 7.1 | EPSS: 0.03296
Exploits: 0 | References: 32