8387 matches found

Cvelist
added 2016/04/12 11:0 p.m. | 24 views

CVE-2016-0161

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158...

AI score: 6.5 | EPSS: 0.6877
Exploits: 0 | References: 2
CVE
added 2016/04/12 11:0 p.m. | 64 views

CVE-2016-0161

Microsoft Edge is affected by CVE-2016-0161, an elevation of privilege vulnerability where the browser fails to enforce cross-domain policies (Same Origin Policy). A remote attacker could exploit this to bypass domain boundaries and gain elevated privileges. The connected documents do not provide...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.6877
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2016/04/12 11:0 p.m. | 94 views

CVE-2016-0158

Microsoft Edge on Windows 10 is affected by CVE-2016-0158, an elevation of privilege vulnerability that bypasses the Same Origin Policy via cross‑domain policy enforcement weaknesses. Connected sources describe Edge failing to properly validate JavaScript and enforce domain restrictions, enabling...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.15078
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2016/04/05 12:0 a.m. | 35 views

Google Chrome < 48.0.2564.116 Blink Same-Origin Policy Bypass

Binary data 9201.pasl...

CVSS: 10 | AI score: 9.8 | EPSS: 0.02639
Exploits: 0 | References: 2
OpenVAS
added 2016/03/31 12:0 a.m. | 31 views

Mageia: Security Advisory (MGASA-2016-0124)

The remote host is missing an update for the...

CVSS: 10 | AI score: 8 | EPSS: 0.06058
Exploits: 1 | References: 20
CNVD
added 2016/03/31 12:0 a.m. | 2 views

Patterson Dental Eaglesoft Information Disclosure Vulnerability

Patterson Dental Eaglesoft is a suite of dental records software from Patterson Dental Supply Patterson Dental in the United States. An information disclosure vulnerability exists in Patterson Dental Eaglesoft that arises from the program using the same hard-coded credentials across different use...

CVSS: 10 | AI score: 6.1 | EPSS: 0.02431
Exploits: 0 | References: 1
Tenable Nessus
added 2016/03/28 12:0 a.m. | 33 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2016-402)

MozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 boo969894 - MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and...

CVSS: 10 | AI score: 7.4 | EPSS: 0.31046
Exploits: 9 | References: 28
OPENSUSE Linux
added 2016/03/26 5:8 p.m. | 43 views

Security update for MozillaThunderbird (important)

MozillaThunderbird was updated to 38.7.0 to fix the following issues: Update to Thunderbird 38.7.0 boo969894 MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and history...

CVSS: 10 | AI score: 1.1 | EPSS: 0.31046
Exploits: 9 | References: 1
OSV
added 2016/03/25 6:38 a.m. | 10 views

MGASA-2016-0124 Updated iceape packages fix security vulnerability

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. CVE-2015-7214 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive...

CVSS: 10 | AI score: 9.5 | EPSS: 0.06058
Exploits: 1 | References: 19
Mageia
added 2016/03/25 6:38 a.m. | 56 views

Updated iceape packages fix security vulnerability

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. CVE-2015-7214 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive...

CVSS: 10 | AI score: 10.4 | EPSS: 0.06058
Exploits: 1 | References: 18
OSV
added 2016/03/24 1:59 a.m. | 2 views

CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...

CVSS: 5.4 | AI score: 7.4
Exploits: 0 | References: 6
NVD
added 2016/03/24 1:59 a.m. | 15 views

CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...

CVSS: 5.8 | AI score: 4.5 | EPSS: 0.01171
Exploits: 0 | References: 6
OSV
added 2016/03/24 1:59 a.m. | 0 views

CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.01544
Exploits: 0 | References: 6
NVD
added 2016/03/24 1:59 a.m. | 12 views

CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.01544
Exploits: 0 | References: 6
NVD
added 2016/03/24 1:59 a.m. | 19 views

CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.02822
Exploits: 0 | References: 6
UbuntuCve
added 2016/03/24 1:59 a.m. | 18 views

CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01544
Exploits: 0 | References: 6
UbuntuCve
added 2016/03/24 1:59 a.m. | 20 views

CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.02822
Exploits: 0 | References: 6
Prion
added 2016/03/24 1:59 a.m. | 15 views

Design/Logic Flaw

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01544
Exploits: 0 | References: 6 | Affected Software: 2
Prion
added 2016/03/24 1:59 a.m. | 17 views

Design/Logic Flaw

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.01171
Exploits: 0 | References: 6 | Affected Software: 2
Prion
added 2016/03/24 1:59 a.m. | 19 views

Design/Logic Flaw

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.02822
Exploits: 0 | References: 6 | Affected Software: 2