Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed ‘MessageSender.url’ to the browser renderer process.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | ublock-origin | < 1.42.0+dfsg-1 | ublock-origin_1.42.0+dfsg-1_all.deb |
Debian | 11 | all | ublock-origin | < 1.42.0+dfsg-1~deb11u1 | ublock-origin_1.42.0+dfsg-1~deb11u1_all.deb |
Debian | 10 | all | ublock-origin | < 1.42.0+dfsg-1~deb10u1 | ublock-origin_1.42.0+dfsg-1~deb10u1_all.deb |
Debian | 999 | all | ublock-origin | < 1.42.0+dfsg-1 | ublock-origin_1.42.0+dfsg-1_all.deb |
Debian | 13 | all | ublock-origin | < 1.42.0+dfsg-1 | ublock-origin_1.42.0+dfsg-1_all.deb |