CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
Algolia: No rate limit for Referral Program
Hi, it is possible to bombard the same email with referral requests any number of times. Thanks,...
UBUNTU-CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
chromium-browser: extension resource access
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
FreeBSD : chromium -- multiple vulnerabilities (958b9cee-79da-11e6-bf75-3065ec8fd3ec)
Google Chrome Releases reports : 10 security fixes in this release, including : - 629542 High CVE-2016-5141 Address bar spoofing. Credit to anonymous - 626948 High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous - 625541 High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of...
CVE-2016-5173
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1057)
This update for MozillaThunderbird fixes the following issues : - update to Thunderbird 45.3.0 boo991809 - Disposition-Notification-To could not be used in mail.compose.other.header - 'edit as new message' on a received message pre-filled the sender as the composing identity. - Certain messages...
Chrome < 52.0.2743.82 Multiple Vulnerabilities
Binary data 802027.prm...
Android security: WebView UXSS vulnerability - vulnerability warning - the black bar safety net
0X01 Introduction: XSS is an attack class we are all familiar with, including stored XSS, reflected XSS, DOM XSS, etc. UXSS (universal XSS), however, is a different vulnerability type, differing mainly in the carrier of the vulnerability and its sphere of influence. The XSS problem stems from ...
Google Chrome < 52.0.2743.116 Multiple Vulnerabilities
Binary data 9490.pasl...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:2195-1)
Mozilla Firefox was updated to 45.3.0 ESR to fix the following issues bsc991809 : - MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards rv:48.0 / rv:45.3 - MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed - MFSA 2016-64/CVE-2016-2838...
Mail.ru: Same origin policy bypass on e.mail.ru via Cross-Site Flashing
Hello Mail.Ru Security Team, there is a Cross-Site Flashing vulnerability in e.mail.ru. This vulnerability is similar to XSS, except that it is Flash script execution. Ref: https://www.owasp.org/index.php/TestingforCrosssiteflashingOTG-CLIENT-008 This allows an attacker to execute requests to the...
webkit2gtk: multiple issues
CVE-2016-4590 same-origin policy bypass: xisigr of Tencent's Xuanwu Lab discovered a vulnerability in the way WebKit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access: ma.la of LINE Corporation discovered...
chromium: multiple issues
CVE-2016-5139 arbitrary code execution: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impact via crafted JPEG 2000 data. -...
Security update for MozillaFirefox, mozilla-nss (important)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-960)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included : - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...
Updated chromium-browser-stable packages fix security vulnerability
Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium CVE-2016-5139 and CVE-2016-5140; an address bar spoofing problem CVE-2016-5141; a use-after-free bug CVE-2016-5142 and a same origin bypass problem CVE-2016-5145 in blink; two parameter sanitization...
chromium-browser: Same origin bypass for images in Blink
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
Security update for Chromium (important)
Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...