ChromeCVELIST:CVE-2011-3881CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an proto property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
References
code.google.com/p/chromium/issues/detail?id=96047
code.google.com/p/chromium/issues/detail?id=96885
code.google.com/p/chromium/issues/detail?id=98053
code.google.com/p/chromium/issues/detail?id=99512
code.google.com/p/chromium/issues/detail?id=99750
googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
secunia.com/advisories/48288
secunia.com/advisories/48377
www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
www.securitytracker.com/id?1026774
android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef
exchange.xforce.ibmcloud.com/vulnerabilities/70959
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940
Related
