Date: Mon, 15 Feb 2016 15:31:03 +0000 (UTC) From: Martin Wilke <miwi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r408939 - head/security/vuxml Message-ID: <201602151531.u1FFV3tW020392@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: miwi Date: Mon Feb 15 15:31:03 2016 New Revision: 408939 URL: https://svnweb.freebsd.org/changeset/ports/408939 Log: - Update Description from previous commit. PR: 207207 Suggested by: Jan Beich Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Feb 15 15:25:13 2016 (r408938) +++ head/security/vuxml/vuln.xml Mon Feb 15 15:31:03 2016 (r408939) @@ -73,8 +73,12 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml">; <p>The Mozilla Foundation reports:</p> <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44.0.2">; - <p>MFSA 2016-13 Same-origin-policy violation using Service Workers - with plugins</p> + <p>MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept + responses to plugin network requests made through the browser. Plugins which + make security decisions based on the content of network requests can have these + decisions subverted if a service worker forges responses to those requests. For + example, a forged crossdomain.xml could allow a malicious site to violate the + same-origin policy using the Flash plugin.</p> </blockquote> </body> </description>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201602151531.u1FFV3tW020392>