UBUNTU-CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

UBUNTU-CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

UBUNTU-CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...

CVE-2016-1779

CVE-2016-1779 affects WebKit in Apple iOS < 9.3 and Safari

CVE-2016-1785

CVE-2016-1785 affects WebKit Page Loading in Apple iOS prior to 9.3 and Safari prior to 9.1. The root cause is incorrect character encoding handling when accessing cached data, which can allow a crafted website to bypass the Same Origin Policy and read cached data from a destination origin. The d...

CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

CVE-2016-1786

The CVE-2016-1786 issue affects WebKit Page Loading in Apple iOS prior to 9.3 and Safari prior to 9.1. It arises from improper handling of HTTP 3xx responses, allowing a remote attacker to spoof the displayed URL, bypass Same Origin Policy, and potentially read sensitive cached data via a crafted...

CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

Apple iOS/Safari Information Disclosure Vulnerability

Apple iOS is Apple's operating system for several smart devices.Apple Safari is an American Apple web browser that is the default browser that comes with the Mac OS X and iOS operating systems. The page load implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 fails to properly...

Apple iOS/Safari Information Disclosure Vulnerability (CNVD-2016-01839)

Apple iOS is Apple's operating system for several smart devices.Apple Safari is an American Apple web browser that is the default browser that comes with the Mac OS X and iOS operating systems. The page load implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 fails to properly...

openSUSE Security Update : Chromium (openSUSE-2016-664)

Chromium was updated to 49.0.2623.75 to fix the following security issues: boo969333 - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free i...

Mozilla Firefox Multiple Vulnerabilities (Mar 2016) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox ESR Multiple Vulnerabilities (Mar 2016) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox ESR Multiple Vulnerabilities (Mar 2016) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

openSUSE Security Update : Chromium (openSUSE-2016-330)

Chromium was updated to 49.0.2623.75 to fix the following security issues: boo969333 - CVE-2016-1630: Same-origin bypass in Blink - CVE-2016-1631: Same-origin bypass in Pepper Plugin - CVE-2016-1632: Bad cast in Extensions - CVE-2016-1633: Use-after-free in Blink - CVE-2016-1634: Use-after-free i...

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...

DEBIAN-CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...