Posted by Jonathan Gregson via Fulldisclosure on Apr 28
Hi Georgi,
As you suggested, this is a CSRF attack. Using such techniques to attack or enumerate local applications has been known
for some time and is a very difficult issue to address. Browsers have done well in preventing malicious _authenticated_
cross-site requests, but as you’ve found, attackers can still use such techniques for enumeration and information
gathering.
Fortunately, it’s not very practical except in targeted…