Описание
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [11.2.202.378-0trusty1]] |
| lucid | ignored | end of life |
| precise | released | 11.2.202.378-0precise1 |
| saucy | released | 11.2.202.378-0saucy1 |
| trusty | released | 11.2.202.378-0trusty1 |
| trusty/esm | DNE | trusty was released [11.2.202.378-0trusty1] |
| upstream | released | 11.2.202.394 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 11.2.202.394ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [11.2.202.394ubuntu0.14.04.1]] |
| lucid | ignored | end of life |
| precise | released | 11.2.202.394ubuntu0.12.04.1 |
| saucy | released | 11.2.202.394ubuntu0.13.10.1 |
| trusty | released | 11.2.202.394ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [11.2.202.394ubuntu0.14.04.1] |
| upstream | released | 11.2.202.394 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Уязвимость программного обеспечения Flash Player, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Уязвимость программного обеспечения Adobe Pepper Flash для Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
4.3 Medium
CVSS2