8384 matches found
UBUNTU-CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...
CVE-2015-7184
CVE-2015-7184 affects Mozilla Firefox before 41.0.2, where the fetch() API implementation did not adequately restrict access to the HTTP response body in certain cases when credentials are used. The issue arises from an improper handling of the CORS cross-origin request algorithm, allowing a remo...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-06769)
Google Chrome is an open source WEB browser. The 'ContainerNode::parserInsertBefore' function in the core/dom/ContainerNode.cpp file in Blink used by Google Chrome has a security vulnerability that can be exploited by a remote attacker to bypass the same-origin policy, as a program still performs...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-06764)
Google Chrome is an open source WEB browser. Google uses Blink in the Cascading Style Sheets CSS implementation of the core/css/CSSFontFaceSrcValue.cpp file in the 'CSSFontFaceSrcValue::fetch ' function in the core/css/css/CSSFontFaceSrcValue.cpp file contains a security vulnerability that can be...
Rosetta-Flash JSONP Vulnerability
Overview This description taken from the pull request provided by Patrick Kettner. Versions 6.1.0 and earlier of hapi are vulnerable to a rosetta-flash attack, which can be used by attackers to send data across domains and break the browser same-origin-policy. Recommendation - Update hapi to...
Adobe Air Multiple Vulnerabilities -01 (Oct 2015) - Mac OS X
Adobe Air is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:adobeair"; ifdescription...
SUSE: Security Advisory for flash-player (SUSE-SU-2014:1124-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory for flash-player (SUSE-SU-2014:0671-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
chromium-browser: cross-origin bypass in Blink
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
chromium-browser: CORS bypass in CSS fonts
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...
flash-plugin: information leak and hardening fixes in APSB15-25
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain...
CVE-2015-6762
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...
Code injection
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
Cross site scripting
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
CVE-2015-6762
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...
CVE-2015-6762
CVE-2015-6762 affects Chromium/Google Chrome engines prior to 46.0.2490.71. The vulnerability lies in the CSSFontFaceSrcValue::fetch path in Blink’s CSS font loading, where the CORS cross-origin request algorithm is not used for fonts with seemingly same-origin URLs, allowing a remote server to b...
CVE-2015-6755
Removed by vendor...