Google Chrome PDF Viewer Security Bypass Vulnerability (Nov 2015) - Linux

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Google Chrome PDF Viewer Security Bypass Vulnerability (Nov 2015) - Windows

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Google Chrome PDF Viewer Security Bypass Vulnerability (Nov 2015) - Mac OS X

Google Chrome is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

Design/Logic Flaw

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

UBUNTU-CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

flash-plugin: information leak and hardening fixes in APSB15-25

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain...

CVE-2015-1302

CVE-2015-1302 affects Google Chrome prior to 46.0.2490.86, where the PDF viewer could leak information and bypass Same Origin Policy by exposing scripting messages and APIs via pdf.js and out_of_process_instance.cc. This is a vulnerability in the PDF rendering path used by Chrome, enabling an inf...

CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

CVE-2015-1302

Removed by vendor...

Mageia: Security Advisory (MGASA-2015-0427)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox and Firefox ESR Same Origin Policy Bypass Vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. Mozilla Firefox incorrectly uses the CORS cross-origin request algorithm of the POST method to handle the server-side Content-Type header, and a remote attacker can exploit the vulnerability to...

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2015-07432)

Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox that allows remote attackers to bypass the same-origin policy and read downloaded or cached profile data using the file: URL in a saved HTML document...

CVE-2015-7188

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting XSS attacks, by appending whitespace characters to an IP address string...

CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

Hardcoded credentials

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

Design/Logic Flaw

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...

Cross site scripting

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting XSS attacks, by appending whitespace characters to an IP address string...

CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...