8414 matches found

Kitploit
added 2018/02/19 9:39 p.m. | 16 views

Dr. Mine - Tool To Aid Automatic Detection Of In-Browser Cryptojacking

Dr. Mine is a node script written to aid automatic detection of in-browser cryptojacking. The most accurate way to detect things that happen in a browser is via browser itself. Thus, Dr. Mine uses puppeteer to automate browser thingy and catches any requests to online cryptominers. When a request...

7.6 AI score
Exploits 0 | References 4

CNVD
added 2018/02/14 12:0 a.m. | 4 views

Microsoft Edge Security Feature Bypass Vulnerability (CNVD-2018-03511)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Edge is one of the web browsers that comes with the system. A security feature bypass vulnerability exists in Edge in Microsoft Windows 10 versions 1607, 1703, and Windows Server 2016, which stems fro...

4.3 CVSS | 6.5 AI score | 0.05887 EPSS
Exploits 0 | References 1

OpenVAS
added 2018/02/14 12:0 a.m. | 39 views

Ubuntu: Security Advisory (USN-3544-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.9 AI score | 0.20024 EPSS
Exploits 0 | References 3

Microsoft CVE
added 2018/02/13 8:0 a.m. | 39 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

4.3 CVSS | 1.3 AI score | 0.05887 EPSS
Exploits 0

OSV
added 2018/02/12 2:29 p.m. | 1 views

CVE-2017-18176

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...

5.4 CVSS | 5.8 AI score | 0.00718 EPSS
Exploits 1 | References 2

Cvelist
added 2018/02/12 2:0 p.m. | 15 views

CVE-2017-18176

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...

5.4 AI score | 0.00718 EPSS
Exploits 1 | References 2

BDU FSTEC
added 2018/02/07 12:0 a.m. | 4 views

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to deficiencies in the implementation of SOP (Same-origin policy). These vulnerabilities allow attackers to gain unauthorized access to protected information.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to deficiencies in the implementation of SOP (Same-origin policy). Exploiting these vulnerabilities can allow an attacker, operating remotely, to gain unauthorized access to protected information using...

7.5 CVSS | 7.8 AI score | 0.02376 EPSS
Exploits 1 | References 16 | Affected Software 10

OpenVAS
added 2018/02/06 12:0 a.m. | 44 views

Debian: Security Advisory (DLA-1053-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 8.1 AI score | 0.04187 EPSS
Exploits 13 | References 3

Hacker One
added 2018/02/02 9:19 p.m. | 164 views

Semrush: Cross-origin resource sharing misconfig

Description: An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other...

6.8 AI score
Exploits 0

RedHat Linux
added 2018/02/01 4:6 p.m. | 1 views

chromium-browser: same origin bypass in shared worker

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page...

6.5 CVSS | 7.4 AI score | 0.01414 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2018/02/01 12:0 a.m. | 56 views

Debian DSA-4103-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-15420 Drew Springall discovered a URL spoofing issue. - CVE-2017-15429 A cross-site scripting issue was discovered in the v8 JavaScript library. - CVE-2018-6031 A use-after-free issue was discovered in the pdfium...

8.8 CVSS | 6.8 AI score | 0.02149 EPSS
Exploits 0 | References 53

CNVD
added 2018/01/31 12:0 a.m. | 4 views

Google Chrome for Mac, Windows and Linux Shared Worker Source Policy Bypass Vulnerability

Google Chrome for Mac, Windows and Linux is a web browser developed by Google for the Mac, Windows and Linux platforms. Shared Worker is one of the content sharing components of Google Chrome. A security vulnerability exists in Shared Worker in versions of Google Chrome prior to 64.0.3282.119 on...

6.5 CVSS | 8.7 AI score | 0.01414 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2018/01/29 12:0 a.m. | 33 views

openSUSE Security Update : chromium (openSUSE-2018-103)

This update for chromium to 64.0.3282.119 fixes several issues. These security issues were fixed : - CVE-2018-6031: Use after free in PDFium boo1077571 - CVE-2018-6032: Same origin bypass in Shared Worker boo1077571 - CVE-2018-6033: Race when opening downloaded files boo1077571 - CVE-2018-6034:...

8.8 CVSS | 6.8 AI score | 0.02149 EPSS
Exploits 0 | References 27

OPENSUSE Linux
added 2018/01/28 6:7 p.m. | 82 views

Security update for chromium (important)

This update for chromium to 64.0.3282.119 fixes several issues. These security issues were fixed: - CVE-2018-6031: Use after free in PDFium boo1077571 - CVE-2018-6032: Same origin bypass in Shared Worker boo1077571 - CVE-2018-6033: Race when opening downloaded files boo1077571 - CVE-2018-6034:...

7.9 AI score | 0.02149 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2018/01/25 12:0 a.m. | 33 views

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3544-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3544-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

10 CVSS | 7.8 AI score | 0.20024 EPSS
Exploits 0 | References 31

OpenVAS
added 2018/01/25 12:0 a.m. | 39 views

Ubuntu: Security Advisory (USN-3544-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.9 AI score | 0.20024 EPSS
Exploits 0 | References 2

Ubuntu
added 2018/01/24 8:27 p.m. | 64 views

USN-3544-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP...

10 CVSS | 7.7 AI score | 0.20024 EPSS
Exploits 0

OSV
added 2018/01/24 8:27 p.m. | 5 views

USN-3544-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP...

10 CVSS | 7 AI score | 0.20024 EPSS
Exploits 0 | References 31

OSV
added 2018/01/23 12:0 a.m. | 0 views

UBUNTU-CVE-2018-5116

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with th...

9.8 CVSS | 7.4 AI score | 0.01125 EPSS
Exploits 0 | References 4

CNVD
added 2018/01/17 12:0 a.m. | 1 views

Cheetah Mobile Armorfly Browser&Downloader Security Bypass Vulnerability

Cheetah Mobile Armorfly Browser&Downloader is a browser with download function from Cheetah Mobile China. A security bypass vulnerability exists in Cheetah Mobile Armorfly Browser&Downloader version 1.1.05.0010. An attacker can exploit this vulnerability to bypass the same-origin policy...

7.5 CVSS | 6.8 AI score | 0.01173 EPSS
Exploits 0 | References 1