8386 matches found
FreeBSD : firefox -- Same-origin-policy violation using Service Workers with plugins (172b22cb-d3f6-11e5-ac9e-485d605f4717)
The Mozilla Foundation reports : MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servi...
Mozilla Firefox Security Bypass Vulnerability (Feb 2016) - Mac OS X
Mozilla Firefox is prone to same-origin policy bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Mozilla Firefox Security Bypass Vulnerability (Feb 2016) - Windows
Mozilla Firefox is prone to same-origin policy bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Google Chrome Security Bypass Vulnerability (Feb 2016) - Linux
Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
Google Chrome Security Bypass Vulnerability (Feb 2016) - Windows
Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
Google Chrome Security Bypass Vulnerability (Feb 2016) - Mac OS X
Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
Design/Logic Flaw
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
Design/Logic Flaw
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
UBUNTU-CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2016-1623
CVE-2016-1623 affects Google Chrome before 48.0.2564.109. The DOM implementation does not properly restrict frame-attach operations during or after frame-detach, allowing remote attackers to bypass the Same Origin Policy via a crafted site. Root cause involves functions/files cited: FrameLoader.c...
CVE-2016-1622
CVE-2016-1622 affects Google Chrome prior to 48.0.2564.109. The Extensions subsystem does not prevent use of Object.defineProperty to override intended extension behavior, enabling remote attackers to bypass the Same Origin Policy via crafted JavaScript. Connected sources (e.g., Debian/Debian sec...
CVE-2016-1622
Removed by vendor...
CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...