8381 matches found

UbuntuCve
added 2015/09/02 12:0 a.m., 33 views

CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 7.5, AI score 7.2, EPSS 0.01539
Exploits: 1, References: 3
OSV
added 2015/09/02 12:0 a.m., 2 views

UBUNTU-CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVSS 7.5, AI score 7.3, EPSS 0.01539
Exploits: 1, References: 4
OSV
added 2015/09/02 12:0 a.m., 0 views

UBUNTU-CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

CVSS 5, AI score 7.3, EPSS 0.0157
Exploits: 1, References: 4
OSV
added 2015/09/01 5:33 p.m., 5 views

SUSE-SU-2015:1476-1 Security update for MozillaFirefox, mozilla-nss

Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non-critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR bsc943608 MFSA 2015-94/CVE-2015-4497 bsc943557 Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 bsc943558...

CVSS 10, AI score 9.2, EPSS 0.70226
Exploits: 8, References: 21
seebug.org
added 2015/09/01 12:0 a.m., 44 views

Firefox < 39.0.3 - pdf.js Same Origin Policy Exploit

CVE-2015-4495 Description: This exploit allows an attacker to read and copy information on the victim's computer once they view the web site crafted with this exploit. //exploit.js: var starttimeout=2000; var sandboxcontexti=null; var DIRCACHE=; var FILECACHE=; var hidden=true; var mywinid=null; function...

CVSS 4.3, AI score 7.1, EPSS 0.70226
Exploits: 8
exploitpack
added 2015/08/19 12:0 a.m., 14 views

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipts Sound Object

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipts Sound Object Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for...

AI score 0.1
Exploits: 0
Exploit DB
added 2015/08/19 12:0 a.m., 28 views

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipt's Sound Object

Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for https://code.google.com/p/chromium/issues/detail?id=481639 --- An instance of ActionScript's Sound class allows for...

AI score 7.4
Exploits: 0
CNVD
added 2015/08/19 12:0 a.m., 2 views

Mozilla Firefox JSON Parsing Same Origin Policy Bypass Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox suffers from a security vulnerability when parsing JSON, which allows remote attackers to construct malicious web pages and trick users into parsing them, redefine non-configurable attributes on JavaScript objects, and bypass the...

CVSS 5, AI score 8.8, EPSS 0.03366
Exploits: 0, References: 1
NVD
added 2015/08/16 11:59 p.m., 18 views

CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5, AI score 6.8, EPSS 0.02655
Exploits: 0, References: 6
UbuntuCve
added 2015/08/16 11:59 p.m., 23 views

CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5, AI score 7.2, EPSS 0.02655
Exploits: 0, References: 5
Prion
added 2015/08/16 11:59 p.m., 15 views

Design/Logic Flaw

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5, AI score 6.1, EPSS 0.02655
Exploits: 0, References: 6, Affected Software: 2
OSV
added 2015/08/16 11:59 p.m., 6 views

UBUNTU-CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

CVSS 5, AI score 7.2, EPSS 0.02655
Exploits: 0, References: 6
Cvelist
added 2015/08/16 11:0 p.m., 20 views

CVE-2015-3753

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a...

AI score 8.2, EPSS 0.02655
Exploits: 0, References: 6
CVE
added 2015/08/16 11:0 p.m., 61 views

CVE-2015-3753

CVE-2015-3753 affects WebKit used in Apple Safari (before 6.2.8, before 7.1.8 for 7.x, and before 8.0.8 for 8.x; on iOS prior to 8.4.1). The root cause is improper taint checking for CANVAS elements, which could allow remote attackers to bypass the Same Origin Policy and exfiltrate sensitive imag...

CVSS 5, AI score 7.2, EPSS 0.02655
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2015/08/16 1:59 a.m., 17 views

CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

CVSS 5, AI score 9.4, EPSS 0.03366
Exploits: 0, References: 17
Prion
added 2015/08/16 1:59 a.m., 23 views

Design/Logic Flaw

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

CVSS 5, AI score 6.9, EPSS 0.03366
Exploits: 0, References: 17, Affected Software: 4
Cvelist
added 2015/08/16 1:0 a.m., 26 views

CVE-2015-4478

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method...

AI score 6.6, EPSS 0.03366
Exploits: 0, References: 17
CVE
added 2015/08/16 1:0 a.m., 145 views

CVE-2015-4478

CVE-2015-4478 affects Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2. The issue arises when parsing JSON with JSON.parse and a reviver, which can redefine non-configurable properties on JavaScript objects and bypass the Same Origin Policy. Affected products: Firefox/ESR; root cause:...

CVSS 5, AI score 6.4, EPSS 0.03366
Exploits: 0, References: 17, Affected Software: 2
myhack58
added 2015/08/16 12:0 a.m., 19 views

Android System Google Admin app exposed 0day vulnerabilities, can bypass the sandbox-vulnerability warning-the black bar safety net

MWR Labs researchers discovered a 0day vulnerability in the way the Google Admin app on Android handles some URLs; through this vulnerability an attacker can bypass the Android sandbox mechanism. The vulnerability principle: For the Google Android security team, this month is...

AI score 7.2
Exploits: 0
0day.today
added 2015/08/15 12:0 a.m., 61 views

Firefox 39.03 - pdf.js Same Origin Policy Exploit

Exploit for multiple platform in category local exploits / Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var...

CVSS 4.3, AI score 8.7, EPSS 0.70226
Exploits: 8