CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

U.S. Dept Of Defense: [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

U.S. Dept Of Defense: [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

DEBIAN-CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

UBUNTU-CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Design/Logic Flaw

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2019-5832

CVE-2019-5832 affects Chromium/Chrome: an error in the Cross-Origin Resource Sharing (CORS) handling exposes cross-origin data when a crafted HTML page is loaded. Root cause: CORS-related flaw in Chromium’s policy enforcement. Impact stated as information disclosure via cross-origin leaks. Remedi...

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

KLA11736 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Policy enforcement in Extensions component...

chromium-browser: Incorrect CORS handling in XHR

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Critical: thunderbird

Issue Overview: Mozilla: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11693 Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:1534-1 Rating: important References: 1135824 Cross-References: CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797...

Google Chrome Access Control Error Vulnerability

Google Chrome is a web browser from Google, an American company. An Access Control Error vulnerability exists in XHR in versions prior to Google Chrome 75.0.3770.80, which can be exploited by an attacker to bypass security restrictions and gain unauthorized access to the system...

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Nvidia GeForce Experience Web Helper - Command Injection

//Send request to local GFE server function submitRequestport,secret var xhr = new XMLHttpRequest; xhr.open"POST", "http://127.0.0.1:"+port+"/gfeupdate/autoGFEInstall/", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash...

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...