8415 matches found
CVE-2017-2493
CVE-2017-2493 corresponds to a WebKit/Safari vulnerability where loading an HTMLObjectElement could bypass Same Origin Policy via crafted objects and JavaScript URLs, enabling potential cross-origin information leakage. The Seebug writeup provides a PoC and notes SOP checks in HTMLPlugInImageElem...
CVE-2018-4117
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...
CVE-2018-4117
CVE-2018-4117 is a cross-origin fetch vulnerability in WebKit that could allow a crafted web site to bypass Same Origin Policy and exfiltrate data. Public references indicate affected products include Apple’s iOS Safari, watchOS, iCloud for Windows, and iTunes on Windows, with WebKit underlies th...
Squid < 3.5.18 Host Header Handling Same-Origin Protection / Content Filtering Bypass (SQUID-2016:8)
According to its banner, the version of Squid running on the remote host is prior to 3.5.18. It is, therefore, potentially affected by a Host header same-origin filtering bypass vulnerability. A remote attacker could exploit this issue to poison the cache by forcing a Host header value past...
UBUNTU-CVE-2018-4117
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...
PT-2018-16563 · Siemens · Simatic Wincc Oa Ui For Android +1
Name of the Vulnerable Software and Affected Versions: SIMATIC WinCC OA UI for Android versions prior to V3.15.10 SIMATIC WinCC OA UI for iOS versions prior to V3.15.10 Description: A security issue has been identified due to insufficient limitation of CONTROL script capabilities, allowing read a...
Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2018-07309)
Mozilla Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A same-origin policy bypass vulnerability exists in Mozilla Firefox. A remote user can bypass the same-origin policy and access data in another tab by invoking a shared worker via the 'data:' U...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3596-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3596-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Ubuntu: Security Advisory (USN-3596-1)
The remote host is missing an update for the...
USN-3596-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...
CVE-2018-5136
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...
UBUNTU-CVE-2018-5136
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...
FreeBSD : mozilla -- multiple vulnerabilities (c71cdc95-3c18-45b7-866a-af28b59aabb5)
Mozilla Foundation reports : CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5128: Use-after-free manipulating editor selection ranges CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5130: Mismatched RTP payload type can trigger memory corrupti...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5128: Use-after-free manipulating editor selection ranges CVE-2018-5129: Out-of-bounds write with malformed IPC messages CVE-2018-5130: Mismatched RTP payload type can trigger memory corruptio...
chromium-browser: same origin bypass via canvas
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Google Chrome Multiple Security Vulnerabilities (Mar 2018) - Windows
Google Chrome is prone to multiple vulnerabilities. CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Multiple Security Vulnerabilities (Mar 2018) - Linux
Google Chrome is prone to multiple vulnerabilities. CPE = "cpe:/a:google:chrome"; ifdescription...
FreeBSD : chromium -- multiple vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)
Google Chrome Releases reports : Several security fixes in this release, including : - 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 - 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 - 793620...