8369 matches found
Firefox ESR < 31.8 Multiple Vulnerabilities (Logjam)
The version of Firefox ESR installed on the remote Windows host is prior to 31.8. It is, therefore, affected by multiple vulnerabilities : - A security downgrade vulnerability exists due to a flaw in Network Security Services NSS. When a client allows for a ECDHEECDSA exchange, but the server doe...
CVE-2015-2743
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...
Security feature bypass
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...
CVE-2015-2743
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...
Mozilla Firefox/Firefox ESR/Thunderbird PDF.js Elevation of Privilege Vulnerability
Mozilla Firefox is a web browser released by Mozilla. An elevation of privilege vulnerability exists in Mozilla Firefox/Firefox ESR PDF.js, which can be exploited by remote attackers to execute arbitrary code via a same-origin policy bypass...
CVE-2015-2743
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...
UBUNTU-CVE-2015-2743
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2652-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2652-1 advisory. It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user we...
USN-2652-1 oxide-qt vulnerabilities
It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. CVE-2015-1266 ...
Google Chrome Blink Security Bypass Vulnerability (CNVD-2015-04149)
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A security vulnerability exists in the bindings/scripts/v8types.py file in Blink used in Google Chrome 43.0.2357.81 and prior versions, which...
Mac OSX Safari 8.0.5 UXSS vulnerability technical analysis-vulnerability warning-the black bar safety net
Vulnerability description: The vulnerability affects version 6. 2. 6,7. 1. 6,8. 0. 61before the Apple Safari browser, the attacker can be through carefully constructed URLs to bypass the same origin policy any read the file. Vulnerability description: In the Safari browser, similar...
Google Chrome Blink Security Bypass Vulnerability (CNVD-2015-04099)
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A security vulnerability exists in Blink used in Google Chrome 43.0.2357.81 and earlier versions, which stems from the program's failure to...
Google Chrome Multiple Vulnerabilities-01 (Jun 2015) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Multiple Vulnerabilities-01 (Jun 2015) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2015-1268
bindings/scripts/v8types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...
CVE-2015-1267
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp,...
Design/Logic Flaw
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp,...
Design/Logic Flaw
bindings/scripts/v8types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...
CVE-2015-1267
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp,...
CVE-2015-1268
bindings/scripts/v8types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...