CVE 2015 1253
Max Mendelson edited this page Dec 19, 2016
| | |
|:----|:------|
| CVE_ID | CVE-2015-1253 |
| version_broken | Revision 191769 |
| version_fixed | Revision 191807 |
| file/s | core/html/parser/HTMLConstructionSite.cpp |
| subsystem | AppCache |
| code review ID | 1463463003 |

Scripting was allowed while the HTML parser was working on the DOM tree. This meant that a script tag could be executed while the system was still accessing the HTML parsing tree, which made it possible to bypass cross-origin security.

| CVSS | |
|---|---|
| Overall | 7.5 |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Access Complexity | Low |
| Authentication | None |
| Access Vector | Network |
| commit_id | Revision 191769 |
| commit_date | 03-12-2015 |
| user_username | [email protected] |
| user_name | Eric Willigers |
| date | 2015-05-20 |
| user_name | Vasyl Kaigorodov <[email protected]> |
| metasploit | None |
| bounty | $7,500 |
| commit_id | Revision 191807 |
| commit_date | 2015-03-13 |
| user_username | [email protected] |
| user_name | Hajime Morrita |
| method | added a "ScriptForbiddenScope" object to suppress script during parser adjusting DOM node location |
| files changed | 1 |
| lines of code | 7 |
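
The fix method listed above, shown as a simplified model of a scoped script guard. This is an added example, not Blink's code or the actual 7-line patch: only the name `ScriptForbiddenScope` comes from the page, while `Node`, `runScript`, the `reparent*` functions and `scriptSawHalfMovedTree` are hypothetical.

```cpp
#include <functional>

// Simplified model, not Blink source. Only the name ScriptForbiddenScope
// comes from the page; every other name here is hypothetical.
class ScriptForbiddenScope {
public:
    ScriptForbiddenScope() { ++s_count; }
    ~ScriptForbiddenScope() { --s_count; }
    static bool isScriptForbidden() { return s_count > 0; }
private:
    static int s_count;  // nesting depth, so scopes can be stacked
};
int ScriptForbiddenScope::s_count = 0;

struct Node {
    Node* parent = nullptr;
    std::function<void()> onRemoved;  // stands in for page-supplied script
};

// Every script entry point consults the guard before running page code.
bool runScript(const std::function<void()>& script) {
    if (!script || ScriptForbiddenScope::isScriptForbidden()) return false;
    script();
    return true;
}

// The parser moves `child` under `newParent`. Between detach and attach the
// tree is half-updated; script running here sees an inconsistent DOM.
void reparentUnguarded(Node& child, Node& newParent) {
    child.parent = nullptr;
    runScript(child.onRemoved);  // script observes the detached node
    child.parent = &newParent;
}
void reparentGuarded(Node& child, Node& newParent) {
    ScriptForbiddenScope forbidScript;  // held for the whole adjustment
    child.parent = nullptr;
    runScript(child.onRemoved);  // refused while the guard is alive
    child.parent = &newParent;
}

// Returns true if script ran while the node was detached mid-move.
bool scriptSawHalfMovedTree(bool guarded) {
    Node oldParent, newParent, child;
    child.parent = &oldParent;
    bool sawDetached = false;
    child.onRemoved = [&] { sawDetached = (child.parent == nullptr); };
    if (guarded) reparentGuarded(child, newParent);
    else reparentUnguarded(child, newParent);
    return sawDetached && child.parent == &newParent;
}
int main() { return scriptSawHalfMovedTree(true) ? 1 : 0; }
```

Because the guard is released in the destructor, script is allowed again on every exit path from the guarded function, including early returns.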