8383 matches found
chromium-browser: Cross-origin bypass in DOM
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...
chromium-browser: Cross-origin bypass in V8
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...
chromium-browser: information leak in PDF viewer
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...
CVE-2015-1304
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...
UBUNTU-CVE-2015-1304
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...
CVE-2015-1303
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...
UBUNTU-CVE-2015-1303
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...
Adobe Flash Player Same Origin Bypass Vulnerability
Adobe Flash Player is a Flash file processing program.Adobe AIR is a cross-operating system runtime library produced by Adobe, through which developers can take advantage of existing Web development technology. A same-origin policy bypass vulnerability exists in Adobe Flash Player, which allows...
Google Chrome < 43.0.2357.132 Multiple Vulnerabilities
Binary data 8881.pasl...
Apple iOS Same Origin Policy Bypass Vulnerability
Apple iOS is an operating system for handheld devices developed by Apple Inc. Apple iOS suffers from a same-origin policy bypass vulnerability. It allows remote attackers to bypass the same-origin policy and obtain object references via customized event messages...
Apple iOS Same Origin Policy Bypass Vulnerability (CNVD-2015-06262)
Apple iOS is an operating system for handheld devices developed by Apple Inc. Apple iOS suffers from a same-origin policy bypass vulnerability. Allows remote attackers to pass the same-origin policy via a crafted web site...
Firefox OS < 2.2 Multiple Vulnerabilities
Binary data 8878.prm...
KLA10673 Security bypass vulnerabilties at Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities 1. Improper method restrictions at Google V8 can be exploited remotely via a specially designed method...
Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
Overview RFC 6265 previously RFC 2965 established HTTP State Management, also known as "cookies". In most web browser implementations of RFC 6265, cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information. Description HTTP cookies have long...
flash-plugin: information leaks and hardening bypass fixed in APSB15-23
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive...
CVE-2015-6679
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive...
CVE-2015-6679
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive...
Design/Logic Flaw
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive...
UBUNTU-CVE-2015-6679
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive...
CVE-2015-6679
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive...