CVE-2011-4688
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
Design/Logic Flaw
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
CVE-2011-4689
CVE-2011-4689 affects Microsoft Internet Explorer 6–9 and is a timing-based information-disclosure vulnerability in which SOP/Same Origin Policy timing data can be captured during IFRAME loading. Several connected sources (Red Hat advisory, NVD entry, and OpenVAS/Seebug records) describe that rem...
CVE-2011-4689
Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
CVE-2011-4688
CVE-2011-4688 affects Mozilla Firefox 8.0.1 and earlier. The issue enables an attacker to infer whether a document is present in the browser cache by observing data related to the timing of Same Origin Policy violations during iframe load attempts, via crafted JavaScript. The OpenVAS entries corr...
CVE-2011-4681
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as...
CVE-2011-4691
Removed by vendor...
CVE-2011-4691
The CVE-2011-4691 entry concerns Google Chrome 15.0.874.121 and earlier. According to connected sources, the flaw enables an attacker to infer whether a document exists in the browser cache by observing the timing of Same Origin Policy violations during IFRAME loading, via crafted JavaScript. Aff...
CVE-2011-4682
CVE-2011-4682 corresponds to an Opera JavaScript engine issue where the in operator is not correctly implemented, allowing remote attackers to bypass the Same Origin Policy via cross-site variable vectors. The vulnerability affects Opera releases prior to 11.60, with exploitation leading to poten...
CVE-2011-4682
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites...
CVE-2011-4690
CVE-2011-4690 affects Opera 11.60 and earlier. The vulnerability arises because Opera does not prevent capturing timing data related to Same Origin Policy violations during IFRAME loading, enabling remote attackers to determine whether a document exists in the browser cache via crafted JavaScript...
CVE-2011-4691
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
CVE-2011-4681
Opera before 11.60 is affected by a vulnerability where the browser does not properly account for the number of dot characters in domain names within the same top-level domain, allowing a remote attacker to bypass the Same Origin Policy by accessing a differently named domain in the same TLD (e.g...
CVE-2011-4688
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
Ubuntu Update for icedtea-web USN-1263-1
Ubuntu Update for Linux kernel vulnerabilities USN-1263-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12631.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for icedtea-web USN-1263-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net...
Ubuntu: Security Advisory (USN-1263-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST)
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES...
USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES...
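Adobe Flash Player Cross-Domain Security Restriction Bypass Vulnerability
BUGTRAQ ID: 50629 CVE ID: CVE-2011-2458 Adobe Flash Player is an integrated multimedia player. Adobe Flash Player has a security restriction bypass vulnerability in its implementation; remote attackers can exploit this vulnerability to bypass certain Same Origin Policy restrictions. Adobe Flash Player 9.x Adobe Flash Player 10.x Adobe AIR 3.x Vendor patch: Adobe ----- Adobe has released a security bulletin (APSB11-28) and corresponding patches for this issue: APSB11-28:Security update available for Adobe Flash...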
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170)
Security issues were identified and fixed in openjdk (icedtea6) and icedtea-web : IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-3547). IcedTea6 prior to 1.10.4 allow...