svn commit: r408939 - head/security/vuxml
Martin Wilke
miwi at FreeBSD.org
Mon Feb 15 15:31:05 UTC 2016
Author: miwi
Date: Mon Feb 15 15:31:03 2016
New Revision: 408939
URL: https://svnweb.freebsd.org/changeset/ports/408939
Log:
- Update Description from previous commit.
PR: 207207
Suggested by: Jan Beich
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Feb 15 15:25:13 2016 (r408938)
+++ head/security/vuxml/vuln.xml Mon Feb 15 15:31:03 2016 (r408939)
@@ -73,8 +73,12 @@ Notes:
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Foundation reports:</p>
<blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44.0.2">
- <p>MFSA 2016-13 Same-origin-policy violation using Service Workers
- with plugins</p>
+ <p>MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept
+ responses to plugin network requests made through the browser. Plugins which
+ make security decisions based on the content of network requests can have these
+ decisions subverted if a service worker forges responses to those requests. For
+ example, a forged crossdomain.xml could allow a malicious site to violate the
+ same-origin policy using the Flash plugin.</p>
</blockquote>
</body>
</description>
More information about the svn-ports-all
mailing list