Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Opensuse Leap

CVE-2015-7214 What is CVE-2015-7214? Please see the follo...

Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs...

thunderbird: multiple issues

CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2015-08332)

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox versions prior to 43.0 and Firefox ESR version...

Cross-site reading attack through data and view-source URIs — Mozilla

Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files...

CVE-2007-3656

Mozilla Firefox 1.8.x and earlier versions are affected by CVE-2007-3656 due to not performing a security zone check for wyciwyg URIs. The issue allows a remote attacker to obtain sensitive information, potentially poison the browser cache, and may enable further attack vectors via HTTP 302 redir...