8385 matches found
UBUNTU-CVE-2015-7193
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack...
CORS preflight is bypassed when non-standard Content-Type headers are received — Mozilla
Security researcher Shinto K Anto reported an issue with cross-origin resource sharing CORS "preflight" requests when receiving certain Content-Type headers. This is due to an error in implementation resulting in trying to process multiple media types when they are returned in the Content-Type...
Trailing whitespace in IP address hostnames can bypass same-origin policy — Mozilla
Security researcher Michał Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead...
Mozilla Firefox Cross-Origin Restriction Bypass Vulnerability (Oct 2015) - Windows
Mozilla Firefox is prone to cross-origin restriction bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Mozilla Firefox Cross-Origin Restriction Bypass Vulnerability (Oct 2015) - Mac OS X
Mozilla Firefox is prone to cross-origin restriction bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
USN-2770-2: Oxide vulnerabilities
USN-2770-1 fixed vulnerabilities in Oxide in Ubuntu 14.04 LTS and Ubuntu 15.04. This update provides the corresponding updates for Ubuntu 15.10. Original advisory details: It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some...
Mozilla Firefox Same Origin Policy Bypass Vulnerability
Mozilla Firefox is a free and open source browser developed by the Mozilla Foundation in conjunction with the open source community for the Windows, Linux and MacOS X platforms. A same-origin policy bypass vulnerability exists in versions of Mozilla Firefox prior to 41.0.2. It allows remote...
[SECURITY] [DSA 3376-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3376-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...
Adobe AIR < 19.0.0.213 Multiple Vulnerabilities (APSB15-25)
Binary data 9005.prm...
Flash Player < 19.0.0.185 Multiple Vulnerabilities (APSB15-23)
Binary data 9004.prm...
Flash Player < 19.0.0.207 Multiple Vulnerabilities (APSB15-25)
Binary data 9006.prm...
Debian DSA-3376-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. - CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 JavaScript library. -...
USN-2770-1 oxide-qt vulnerabilities
It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...
USN-2770-1: Oxide vulnerabilities
It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...
Debian Security Advisory DSA 3376-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library...
DSA-3376-1 chromium-browser - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3376-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
Cross site scripting
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...