[SECURITY] [DSA 3422-1] iceweasel security update
Debian Security Advisory DSA-3422-1, https://www.debian.org/security/, Moritz Muehlenhoff, December 16, 2015, https://www.debian.org/security/faq ...
Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
Design/Logic Flaw
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
Design/Logic Flaw
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...
Information disclosure
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
CVE-2015-7215
CVE-2015-7215 affects Mozilla Firefox before 43.0 (and ESR 38.x) via the Web Workers importScripts implementation. The underlying issue is that triggering no-cors fetch via importScripts can bypass the Same Origin Policy, leading to information disclosure after a rethrow. Impact reported across m...
CVE-2015-7214
CVE-2015-7214 affects Mozilla Firefox before 43.0 and Firefox ESR before 38.5. A cross-site read bypass of the Same Origin Policy is possible via data: and view-source: URIs, allowing an attacker to read data from cross-site URLs and local files. Connected sources confirm the bypass vector and in...
CVE-2015-7207
CVE-2015-7207 affects Mozilla Firefox before 43.0. The vulnerability arises because the IFRAME Resource Timing API times are not properly restricted, allowing a remote attacker to bypass the Same Origin Policy and exfiltrate data via crafted JavaScript that uses history.back and performance.getEn...
CVE-2015-7207
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...
CVE-2015-7215
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...
Debian Security Advisory DSA 3422-1 (iceweasel - security update)
Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3422.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3422-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright (c) 2015 Greenbone Networks Gm...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...
FreeBSD : mozilla -- multiple vulnerabilities (2c2d1c39-1396-459a-91f5-ca03ee7c64c6)
The Mozilla Project reports: MFSA 2015-134 Miscellaneous memory safety hazards rv:43.0 / rv:38.5 MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects MFSA 2015-136 Same-origin policy violation using performance.getEntries and history navigation MFSA 2015-137 Firefox allows...
USN-2833-1 firefox vulnerabilities
Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit...
Same-origin policy violation using performance.getEntries and history navigation — Mozilla
Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of...
Cross-origin information leak through web workers error events — Mozilla
Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites...