8369 matches found
Design/Logic Flaw
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
Design/Logic Flaw
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing...
CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
CVE-2015-1254
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing...
CVE-2015-1254
CVE-2015-1254 affects Blink (core/dom/Document.cpp) used in Google Chrome before 43.0.2357.65. Root cause: inheritance of the designMode attribute, enabling a Same Origin Policy bypass via editing capabilities. Impact: cross-origin bypass potential in the DOM editing feature. Affected product lin...
CVE-2015-1253
CVE-2015-1253 affects Google Chrome (Blink DOM implementation). The vulnerability lies in core/html/parser/HTMLConstructionSite.cpp, allowing a cross-origin policy bypass by crafted JavaScript that appends to a SCRIPT element, related to insert and executeReparentTask. Impact is a Same Origin Pol...
CVE-2015-1254
Removed by vendor...
CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
UBUNTU-CVE-2015-1254
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing...
SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2013:0850-1)
Mozilla Firefox has been updated to the17.0.6ESR security version upgrade as a LTSS roll up release. MFSA 2013-30: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memor...
CVE-2015-1254
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing...
UBUNTU-CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
CVE-2015-2718
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
Design/Logic Flaw
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
CVE-2015-2718
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
CVE-2015-2718
CVE-2015-2718 – Firefox WebChannel.jsm Same-Origin Policy bypass . Affected software: Mozilla Firefox versions prior to 38.0. The issue allows a remote attacker to obtain sensitive webchannel-response data by loading a crafted page in an IFRAME from a different site, bypassing the Same Origin Pol...
Mozilla Firefox 'WebChannel.jsm' Same-Origin Policy Bypass Vulnerability
Mozilla Firefox is a popular open source WEB browser. Mozilla Firefox 'WebChannel.jsm' fails to properly handle message communication, allowing remote attackers to exploit the vulnerability to build malicious WEB pages and trick users into parsing them, which can be bypassed by a same-origin poli...
CVE-2015-2718
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
UBUNTU-CVE-2015-2718
The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...
Adobe Flash Player Same Origin Policy Bypass (APSB14-21: CVE-2014-0548)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...