8366 matches found
[SECURITY] [DSA 2905-1] chromium-browser security update
Debian Security Advisory DSA-2905-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 15, 2014 http://www.debian.org/security/faq -...
Respondly: DNS Misconfiguration
Hey!! Daksh here!! This time I would like to report a DNS misconfiguration in your site. I have noticed your http://localhost.respond.ly/ has address 127.0.0.1 and this may lead to "Same-Site" Scripting. Here is a detailed description of this minor security issue by Tavis Ormandy:...
Respondly: x-frame options-sameorigin warning
As the X-Frame-Options header is set to same-origin, it still may be vulnerable to clickjacking attacks. How? By using this code. Better explanation: http://www.skeletonscribe.net/2012/06/x-frame-options-sameorigin-warning.html...
Localize: ClickJacking
It allows remote attackers to do some clickjacking, which can be used for adding arbitrary tasks. Why? Almost all of your pages are missing the X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...
Debian DSA-2905-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1716 A cross-site scripting issue was discovered in the v8 JavaScript library. - CVE-2014-1717 An out-of-bounds read issue was discovered in the v8 JavaScript library. - CVE-2014-1718 Aaron Staple discovered an intege...
[SECURITY] [DSA 2905-1] chromium-browser security update
Debian Security Advisory DSA-2905-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 15, 2014 http://www.debian.org/security/faq -...
Internet Explorer Cross Domain Document Switching (MS09-019) - Ver2 (CVE-2007-3091)
Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a script that can create a race condition that could break the same-origin policy of Internet Explorer and re...
DSA-2905-1 chromium-browser - security update
Bulletin has no description...
IRCCloud: DNS Misconfiguration
Your localhost.irccloud.com has address 127.0.0.1 and this may lead to "Same-Site" Scripting. Here is a detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded...
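Google Chrome Drag Handling Local File Path Forgery Cross-Origin Bypass Vulnerability
CVE ID: CVE-2014-1726 Google Chrome is a popular web browser. An unspecified security vulnerability exists in Google Chrome's handling of drag operations, which can lead to forged local file paths and a bypass of the same-origin policy. 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 Google Chrome 34.0.1847.116 fixes this vulnerability; users are advised to download and use it: https://www.google.com/chrome/...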
CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
UBUNTU-CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
Design/Logic Flaw
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
CVE-2014-1726
CVE-2014-1726 affects Google Chrome up to version 34.0.1847.116. The vulnerability arises in the drag implementation, enabling a user-assisted remote attacker to bypass the Same Origin Policy and forge local pathnames by exploiting renderer access. The issue is described across multiple public ad...
CVE-2014-1726
Removed by vendor...
Debian DSA-2883-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser. - CVE-2013-6654 TheShow3511 discovered an issue in SVG handling. - CVE-2013-6655 cloudfuzzer discovered a use-after-fr...
Debian: Security Advisory (DSA-2883-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...