5 matches found
EUVD-2008-6479
Malware in sbrugna...
Google Gears WorkerPool API绕过同源策略漏洞
BUGTRAQ ID: 32698 CVECAN ID: CVE-2008-6512 Google Gears是一个开源浏览器扩展,允许开发者开发离线网络程序。 Google Gears的WorkerPool API中存在跨域安全漏洞。如果攻击者在目标域上放置了包含有Google Gear命令的文件类型,然后从攻击域访问该文件,由于没有检查攻击域的响应头,因此可能绕过allowCrossOrigin函数的访问限制在目标域中运行worker代码。 Google Gears 0.5.4.2 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下...
CVE-2008-6512
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain,...
CVE-2008-6512
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain,...
CVE-2008-6512
The CVE concerns Google Gears' WorkerPool API, where