CVE-2016-5265
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...
Debian Security Advisory DSA 3640-1 (firefox-esr - security update)
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy. OpenVAS...
Stable Channel Update for Desktop
The stable channel has been updated to 52.0.2743.116 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictio...
UBUNTU-CVE-2016-5265
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 10 security fixes in this release, including: 629542 High CVE-2016-5141 Address bar spoofing. Credit to anonymous 626948 High CVE-2016-5142 Use-after-free in Blink. Credit to anonymous 625541 High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go of Stealie...
Firefox local file disclosure and same-origin policy bypass - vulnerability warning - the black bar safety net
Security researchers found that an attacker can use the "Save Page As" function offered by the Firefox browser to read any file stored on the target user's computer. In addition, the attacker can also use this mechanism to obtain data from external web servers. This kind of thing occurs, is...
Debian DSA-3637-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. - CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. - CVE-2016-1706 Pinki...
openSUSE Security Update : Chromium (openSUSE-2016-919)
Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901 : - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...
[SECURITY] [DSA 3637-1] chromium-browser security update
Debian Security Advisory DSA-3637-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 31, 2016 https://www.debian.org/security/faq -...
Security update for Chromium (important)
Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...
Google Chrome < 52.0.2743.82 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities as referenced in the 201607stable-channel-update advisory. - The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origi...
Google Chrome < 52.0.2743.82 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities as referenced in the 201607stable-channel-update advisory. - The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin ...
Google Chrome V8 Same Origin Policy Bypass Vulnerability (CNVD-2016-05641)
Google Chrome is a web browsing tool developed by Google. A security vulnerability exists because objects.cc in V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent the API interceptor from modifying the storage target without setting an attribute; a remote attacker can bypass...
Multiple Apple Products WebKit Same-Origin Policy Bypass Vulnerability
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. WebKit is an open source web...
Multiple Apple Products WebKit Same-Origin Policy Bypass Vulnerability (CNVD-2016-05666)
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. WebKit is an open source web...
Google Chrome SOP Protection Mechanism Bypass Vulnerability
Google Chrome is a web browsing tool developed by Google. A protection mechanism bypass vulnerability exists in Service Workers in versions prior to Google Chrome 52.0.2743.82. A remote attacker can exploit this vulnerability to bypass the same-origin policy...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2016-05588)
Blink is a browser layout (rendering) engine jointly developed by Google Inc. of the United States and Opera Software of Norway. A same-origin policy bypass vulnerability exists in the WebKit/Source/core/loader/FrameLoader.cpp file in Blink used in versions prior to Google...
chromium-browser: limited same-origin bypass in service workers
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
chromium-browser: same-origin bypass in v8
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
chromium-browser: same-origin bypass in blink
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...