
8366 matches found

Check Point Advisories
added 2015/02/03 12:0 a.m. | 4 views

Internet Explorer Same Origin Policy Bypass (CVE-2015-0072)

A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a web page. Successful exploitation can result in the disclosure of information about other web pages opened by...

CVSS 4.3 | AI score 6 | EPSS 0.71698
Exploits: 5

CNVD
added 2015/02/03 12:0 a.m. | 1 views

Microsoft Internet Explorer Homology Bypass Vulnerability

Internet Explorer is a web browser from Microsoft. Internet Explorer 11 suffers from a same-origin policy bypass vulnerability, which can be exploited by an attacker to bypass the same-origin policy and gain access to the content of other arbitrary web domains, or execute malicious code to be...

AI score 7.3
Exploits: 0 | References: 1

Packet Storm
added 2015/02/02 12:0 a.m. | 26 views

Internet Explorer 11 Same Origin Bypass

insider3show insider3show function go w=window.frames0; w.setTimeout"alerteval'x=top.frames1;r=confirm\'Close this window after 3...

Exploits: 0

RedHat Linux
added 2015/01/27 6:46 p.m. | 1 views

chromium-browser: same-origin-bypass in V8

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...

CVSS 4.3 | AI score 7.5 | EPSS 0.02563
Exploits: 0 | References: 5

CNVD
added 2015/01/26 12:0 a.m. | 2 views

Google Chrome V8 Same Origin Bypass Vulnerability

Google Chrome is a popular web browser. A security vulnerability in Google Chrome V8 Harmony proxy allows attackers to bypass the same-origin policy by calling JavaScript code via specially crafted Proxy.create and console.log...

CVSS 4.3 | AI score 6.9 | EPSS 0.02563
Exploits: 0 | References: 1

NVD
added 2015/01/22 10:59 p.m. | 15 views

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...

CVSS 4.3 | AI score 6.3 | EPSS 0.02563
Exploits: 0 | References: 9

Prion
added 2015/01/22 10:59 p.m. | 17 views

Design/Logic Flaw

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...

CVSS 4.3 | AI score 6.8 | EPSS 0.02563
Exploits: 0 | References: 9 | Affected Software: 7

UbuntuCve
added 2015/01/22 10:59 p.m. | 25 views

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...

CVSS 4.3 | AI score 7.3 | EPSS 0.02563
Exploits: 0 | References: 3

OSV
added 2015/01/22 10:59 p.m. | 4 views

UBUNTU-CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...

CVSS 4.3 | AI score 7.4 | EPSS 0.02563
Exploits: 0 | References: 4

Cvelist
added 2015/01/22 10:0 p.m. | 34 views

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header...

AI score 9.1 | EPSS 0.02563
Exploits: 0 | References: 9

CVE
added 2015/01/22 10:0 p.m. | 71 views

CVE-2014-7939

CVE-2014-7939 affects Google Chrome before 40.0.2214.91, where the Harmony proxy in V8 can bypass the Same Origin Policy via crafted JavaScript using Proxy.create and console.log, related to HTTP responses missing X-Content-Type-Options: nosniff. Affected component is Chrome’s V8/Chromium stack; ...

CVSS 4.3 | AI score 9 | EPSS 0.02563
Exploits: 0 | References: 9 | Affected Software: 1

Debian CVE
added 2015/01/22 10:0 p.m. | 22 views

CVE-2014-7939

Removed by vendor...

CVSS 4.3 | AI score 9.3 | EPSS 0.02563
Exploits: 0

FreeBSD
added 2015/01/21 12:0 a.m. | 31 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...

CVSS 7.5 | AI score 8.5 | EPSS 0.04339
Exploits: 0 | References: 1

Tenable Nessus
added 2015/01/19 12:0 a.m. | 44 views

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3)

The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assiste...

CVSS 10 | AI score 8.9 | EPSS 0.05368
Exploits: 4 | References: 11

Hacker One
added 2015/01/09 5:49 a.m. | 28 views

Vimeo: Misconfigured crossdomain.xml - vimeo.com

An overly permissive crossdomain.xml file on a domain that serves sensitive content is a major security risk. It exposes the domain hosting the improperly configured crossdomain.xml file to information disclosure and request forgery. Attackers can not only forge requests, they can read responses...

AI score 6.7
Exploits: 0

myhack58
added 2014/12/30 12:0 a.m. | 26 views

Steal Facebook user information: using Android same origin policy vulnerability a malicious application is found-vulnerability warning-the black bar safety net

A few months ago we studied the Android same-origin policy (SOP) vulnerability; however, recently a malicious application has been found that uses this vulnerability to attack Facebook users, and it utilizes code based on the disclosed Metasploit test code. myhack58 science: the same-origin policy...

AI score 1.5
Exploits: 0

The Hacker News
added 2014/12/29 12:39 a.m. | 35 views

Hacking Facebook Accounts Using Android 'Same Origin Policy' Vulnerability

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy (SOP). The Android Same Origin Policy (SOP) vulnerability (CVE-2014-6041) was first...

CVSS 5.8 | AI score 8.2 | EPSS 0.19862
Exploits: 7

OpenVAS
added 2014/12/16 12:0 a.m. | 30 views

Apple Safari 'Webkit' Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

CVSS 7.5 | AI score 5.1 | EPSS 0.03108
Exploits: 0 | References: 13

Tenable Nessus
added 2014/12/15 12:0 a.m. | 42 views

RHEL 6 : flash-plugin (RHSA-2014:1981)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:1981 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple...

CVSS 10 | AI score 6.1 | EPSS 0.20356
Exploits: 2 | References: 13

OPENSUSE Linux
added 2014/12/12 12:5 a.m. | 26 views

Security update for flash-player (critical)

Flash-player was updated to version 11.2.202.245 fixing numerous vulnerabilities: memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164); use-after-free vulnerability that could lead to code execution (CVE-2014-8443); stack-based buffer overflow vulnerabili...

CVSS 10 | AI score 3.8 | EPSS 0.20356
Exploits: 2