Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3041-1 advisory. Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could...

openSUSE Security Update : Chromium (openSUSE-2016-950)

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...

Google Chrome < 52.0.2743.116 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 52.0.2743.116. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop advisory. - Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116...

Google Chrome < 52.0.2743.116 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 52.0.2743.116. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop advisory. - Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 all...

Mozilla Firefox Security Advisories (MFSA2016-62, MFSA2016-84) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox ESR Security Advisories (MFSA2016-62, MFSA2016-84) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

OrientDB Server < 2.0.15, 2.1.x < 2.1.1 Clickjacking Vulnerability

OrientDB server is prone to a clickjacking vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:orientdb:orientdb";...

Mozilla Firefox ESR Security Advisories (MFSA2016-62, MFSA2016-84) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

Design/Logic Flaw

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

CVE-2016-5145

Blink vulnerability in CVE-2016-5145 allows a Same Origin Policy bypass: after a structure-clone of an ImageBitmap created from a cross-origin image, a taint property is not preserved, enabling remote JavaScript to exfiltrate or access cross-origin data. Affected software: Google Chrome prior to ...

CVE-2016-5145

Removed by vendor...

OPENSUSE-SU-2016:1983-1 Security update for Chromium

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...

CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

UBUNTU-CVE-2016-5145

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

USN-3041-1: Oxide vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service application crash or execute arbitrary code. CVE-2016-1705 It was discovered...

USN-3041-1 oxide-qt vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service application crash or execute arbitrary code. CVE-2016-1705 It was discovered...

DEBIAN-CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS UXSS attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...