Clientless SSL VPN products break web browser domain-based security models Vulnerability Note VU#261869 Original Release Date: 2009-11-30 | Last Revised: 2013-06-20 Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Web browsers enfor