Computer Security
[EN] securityvulns.ru no-pyccku


Oxide security vulnerabilities
Published:11.10.2015
Source:
SecurityVulns ID:14708
Type:client
Threat Level:
5/10
Description:Restrictions bypass.
Affected:OXIDE : oxide 1.0
CVE:CVE-2015-1304 (object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.)
 CVE-2015-1303 (bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.)
Original documentdocumentUBUNTU, [USN-2757-1] Oxide vulnerabilities (11.10.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod