8386 matches found
DEBIAN-CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
Design/Logic Flaw
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
CVE-2016-1949
CVE-2016-1949 affects Mozilla Firefox prior to 44.0.2 where Service Workers improperly interact with plugins, allowing remote attackers to bypass the Same-Origin Policy by a crafted site that triggers spoofed responses to NPAPI requests (e.g., crossdomain.xml). This is a network‑accessible vulner...
CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
firefox: same-origin policy bypass
Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...
UBUNTU-CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
Ubuntu: Security Advisory (USN-2893-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : Firefox vulnerability (USN-2893-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2893-1 advisory. Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to...
USN-2893-1: Firefox vulnerability
Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin. CVE-2016-1949...
CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
firefox -- Same-origin-policy violation using Service Workers with plugins
The Mozilla Foundation reports: MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a servic...
UBUNTU-CVE-2016-1949
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...
FreeBSD : chromium -- multiple vulnerabilities (36034227-cf81-11e5-9c2b-00262d5ed8ee)
Google Chrome Releases reports: 6 security fixes in this release, including: - 546677 High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous. - 577105 High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski. - 509313 Medium CVE-2016-1625: Navigation bypass in...
Google Chrome < 48.0.2564.109 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 48.0.2564.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 201602stable-channel-update9 advisory. - The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does n...
Google Chrome < 48.0.2564.109 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 48.0.2564.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 201602stable-channel-update9 advisory. - The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not...
Stable Channel Update
The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 6 security fixes in this release, including: 546677 High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous. 577105 High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski. 509313 Medium CVE-2016-1625: Navigation bypass in Chrome...
Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium
Overview Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables the same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated...