CVE-2015-1254 Information

Description

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.

Reference

http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
http://www.debian.org/security/2015/dsa-3267
http://www.securityfocus.com/bid/74723
http://www.securitytracker.com/id/1032375
https://code.google.com/p/chromium/issues/detail?id=444927
https://security.gentoo.org/glsa/201506-04
https://src.chromium.org/viewvc/blink?revision=192658&view=revision
