MGASA-2015-0062 Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser packages fix security vulnerabilities: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attacke...

Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

Cisco Prime Infrastructure is an all-in-one package that provides complete infrastructure wired and wireless and mobile lifecycle management provisioning, monitoring, troubleshooting, fixing, and reporting. A cross-framework scripting vulnerability exists in Cisco Prime Infrastructure that could...

Major Internet Explorer Vulnerability - NOT Patched

Deusen just published code and description here: http://www.deusen.co.uk/items/insider3show.3362009741042107/ which demonstrates the serious security issue. Summary An Internet Explorer vulnerability is shown here: Content of dailymail.co.uk can be changed by external domain. How To Use 1. Close...

Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

Binary data 8889.pasl...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2495-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2495-1 advisory. A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker cou...

chromium-browser: cross-origin-bypass in V8 bindings

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

USN-2495-1: Oxide vulnerabilities

A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed rende...

CVE-2015-0072

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

CVE-2015-0072

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

CVE-2015-0072

CVE-2015-0072 describes a Universal XSS (UXSS) in Internet Explorer 9–11, allowing remote injection of script by abusing IFRAME-based redirects and WindowProxy eval to bypass Same Origin Policy. The vulnerability affects Microsoft Internet Explorer versions 6–11 and can lead to arbitrary code exe...

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

Design/Logic Flaw

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

CVE-2015-1210

CVE-2015-1210 is a cross-origin bypass vulnerability in the Chrome/Blink V8 bindings. The issue arises in V8ThrowException::createDOMException within bindings/core/v8/V8ThrowException.cpp, which does not properly enforce frame access restrictions when throwing exceptions. A remote attacker could ...

CVE-2015-1210

Removed by vendor...

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

Microsoft Internet Explorer Same Origin Policy Security Bypass Vulnerability

Internet Explorer is a web browser from Microsoft. A security bypass vulnerability exists in the Microsoft Internet Explorer homology policy, which can be exploited by an attacker to bypass the homology policy and certain access restrictions to access data...

UBUNTU-CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the...

XSS Vulnerability in IE Could Lead to Phishing Attacks

Microsoft is aware of a recently disclosed bug in its latest browser, Internet Explorer 11, and is developing a patch for the issue. The vulnerability, a universal cross-site scripting XSS bug, could be exploited to steal information or inject code into domains on the browser on Windows 7 and 8.1...