8300 matches found
Design/Logic Flaw
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...
Design/Logic Flaw
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures...
CVE-2011-3653
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures...
CVE-2011-3653
CVE-2011-3653 affects Mozilla Firefox < 8.0 and Thunderbird
CVE-2011-3649
CVE-2011-3649 affects Mozilla Firefox 7.0 and Thunderbird 7.0 on Windows when using Direct2D with the Azure graphics backend, allowing cross-origin image data to be read via a manipulated canvas (Same Origin Policy bypass). The issue stems from a regression introduced by CVE-2011-2986. According ...
CVE-2011-3649
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...
RHEL 6 : icedtea-web (RHSA-2011:1441)
Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: icedtea-web security update
Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via...
CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the...
Design/Logic Flaw
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the...
CVE-2011-3881
CVE-2011-3881 affects WebKit as used in Google Chrome <15.0.874.102 and Android
CVE-2011-3881
Removed by vendor...
Google Fixes 27 Bugs in Chrome 15
Google has fixed more than two dozen vulnerabilities in its Chrome browser and also implemented a defense against the BEAST SSL attack. The bugs fixed in the new version of Chrome include 11 high-severity flaws. As part of its bug bounty program, Google paid more than $26,000 in rewards to...
Google Chrome multiple vulnerabilities - October11 (Linux)
The host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnoct11lin.nasl 7006 2017-08-25 11:51:20Z teissa $ Google Chrome multiple vulnerabilities - October11 (Linux) Authors: Sooraj KS Copyright: Copyright (c) 2011 Greenbo...
RHEL 5 : postgresql84 (RHSA-2011:1378)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1378 advisory. - crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash (CVE-2011-2483) Note that Nessus has not tested f...