UBUNTU-CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

UBUNTU-CVE-2015-1236

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...

chromium-browser: Cross-origin-bypass in Blink

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...

Microsoft Windows MSXML3 Same Origin Policy SFB Vulnerability

Microsoft XML Core Services MSXML is a set of services that can be used to build XML-based Windows-native applications written in JScript, VBScript, and Microsoft development tools. A same-origin policy security feature bypass vulnerability exists in Microsoft XML Core Services MSXML. This...

Microsoft Windows XML Core Services Security Feature Bypass Vulnerability (3046482)

This host is missing an important security update according to Microsoft Bulletin MS15-039. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2015-1646

Microsoft XML Core Services aka MSXML 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."...

Design/Logic Flaw

Microsoft XML Core Services aka MSXML 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."...

CVE-2015-1646

Microsoft XML Core Services aka MSXML 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."...

CVE-2015-1646

CVE-2015-1646 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability is a same-origin policy security bypass in MSXML3 that can allow remote attackers to obtain sensitive information via a crafted DTD. Multiple sources (NVD entry and vulnerability repositories) describe the issue and ...

Microsoft XML Core Services CVE-2015-1646 Same Origin Policy Security Bypass Vulnerability

Description Microsoft XML Core Services is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the same-origin policy and perform unauthorized actions. This could be used to steal sensitive information or launch other attacks. Technologies Affected Avaya CallPil...

MS15-039: Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)

The remote host contains a version of Microsoft XML Core Services MSXML that is affected by a same-origin policy security bypass vulnerability. A remote attacker can exploit this vulnerability by convincing a user to click a specially crafted link, resulting in the disclosure of sensitive user...

SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10571)

Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues. The following vulnerabilities have been fixed : - Miscellaneous memory safety hazards. MFSA 2015-30 / CVE-2015-0814 / CVE-2015-0815 - Use-after-free when using the Fluendo MP3 GStreamer plugin. MFSA 2015-31 / CVE-2015-0813 -...

CVE-2015-1091

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVE-2015-1089

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

Design/Logic Flaw

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

Design/Logic Flaw

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVE-2015-1089

CVE-2015-1089 affects CFNetwork in Apple iOS prior to 8.3 and OS X prior to 10.10.3. The issue arises from improper handling of cookies during redirects in HTTP responses, allowing a remote attacker to bypass the Same Origin Policy via a crafted site. Affected components/files: CFNetwork (and rel...

CVE-2015-1091

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

CVE-2015-1091

CVE-2015-1091 affects the CFNetwork Session component in Apple iOS < 8.3 and Apple OS X

CVE-2015-1089

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...