MKSB(en)
Masato Kinugawa's Security Blog /
@kinugawamasato
Sunday, November 28, 2021
Data Exfiltration via CSS + SVG Font
This post will show that SVG fonts and CSS can be used to read the page's text contents. There are several known ways to read th...
Saturday, October 17, 2020
Discord Desktop app RCE
A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...
Sunday, May 17, 2020
CVE-2020-11022/CVE-2020-11023: jQuery 3.5.0 Security Fix details
jQuery 3.5.0 was released last month. In this version, two bugs which I reported are included as "Security Fix". jQuery 3.5.0 Re...
Thursday, May 24, 2018
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
In this blogpost, I'd like to write about a CSP strict-dynamic bypass vulnerability which is fixed in Firefox 60. https://www.mozilla....
Tuesday, December 27, 2016
XSS Auditor bypass using obscure <param> tag
Hi there! I just found an XSS Auditor bypass by accident when I read Chromium's code for another reason. In this short post, I'...
Thursday, October 6, 2016
XSS via Referrer After Anniversary Update
Since the Windows 10 anniversary update, it seems that Microsoft killed some XSS tricks on IE11/Edge. The referrer behavior is one of them. ...
Sunday, September 25, 2016
CVE-2016-4758: UXSS in Safari's showModalDialog
I would like to share details of Safari's UXSS bug (CVE-2016-4758). This bug was fixed in Safari 10. https://support.apple.com/en...