Same Origin Policy

Pierluigi Paganini July 03, 2019
Old known issue in Firefox allows HTML files to steal other files from victim’s system

Opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a weakness in the popular web browser. The security expert Barak Tawily demonstrated that opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in […]

Pierluigi Paganini March 30, 2019
Expert disclosed two Zero-Day flaws in Microsoft browsers

The 20-year-old security researcher James Lee publicly disclosed details and proof-of-concept exploits for two zero-day vulnerabilities in Microsoft web browsers. The expert opted to disclose the flaw after the tech giant allegedly failed to address the zero-day issues privately he reported.The researcher reported the issues to Microsoft ten months ago, but the company did not […]

Pierluigi Paganini December 29, 2017
Samsung Android Browser is affected by a critical SOP bypass issue, a Metasploit exploit code is available

The browser app pre-installed on Samsung Android devices is affected by a critical SOP bypass issue, tracked as CVE-2017-17692. The browser app pre-installed on Android devices is affected by a critical flaw, tracked as CVE-2017-17692, that could be exploited by an attacker to steal data from browser tabs if the user visits an attacker-controlled site. The SOP bypass issue in […]

Pierluigi Paganini March 24, 2015
Adobe CVE-2011-2461 flaw is exploitable by 4 years although it was fixed

Security experts discovered that the Adobe CVE-2011-2461 vulnerability is exploitable by at least four years despite the company has issued a patch. Four years ago Adobe released a patch for the vulnerability CVE-2011-2461 that was affecting the Adobe Flex SDK 3.x and 4.x. The flaw was a cross-site scripting (XSS) vulnerability that allowed remote attackers to inject arbitrary […]

Pierluigi Paganini October 17, 2014
Same Origin Method Execution attack to perform unintended actions on a website on behalf of victims

A researcher presented a new attack method dubbed Same Origin Method Execution which could be exploited to impersonate the targeted user on many websites. Same Origin Method Execution (SOME) is a new technique of attack against website presented by Ben Hayak, researcher at Trustwave, at Black Hat Europe in Amsterdam. The Same Origin Method Execution (SOME) attack method is […]

Pierluigi Paganini September 17, 2014
Android Same Origin Policy flaw affects more than 70% devices

A serious flaw vulnerability has been discovered in the default browser on a large number of Android devices that allows to bypass the Same Origin Policy. A critical flaw has been discovered in the Web browser installed by default on the majority of Android mobile devices, it has been estimated that nearly 70 percent of the […]