Lucene search
K

435 matches found

RedHat Linux
RedHat Linux
added 2022/07/01 1:32 a.m.2 views

Mozilla: CSP bypass enabling stylesheet injection

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

6.5CVSS7.3AI score0.0058EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/07/01 12:27 a.m.5 views

Mozilla: CSP bypass enabling stylesheet injection

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

6.5CVSS7.3AI score0.0058EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.55 views

RHEL 8 : firefox (RHSA-2022:5474)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5474 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.8CVSS7.7AI score0.23941EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.58 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-181-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.0 / 91.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-181-01 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of...

9.8CVSS8.1AI score0.23941EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.82 views

Mozilla Thunderbird < 91.11

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these...

9.8CVSS7.8AI score0.23941EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.47 views

Debian DLA-3064-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3064 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume...

9.8CVSS8AI score0.23941EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.49 views

Oracle Linux 7 : firefox (ELSA-2022-5479)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5479 advisory. 91.11.0-2.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

9.8CVSS7.4AI score0.23941EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.67 views

Oracle Linux 8 : thunderbird (ELSA-2022-5470)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5470 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.11.0-2 - Update to 91.11.0 build2 91.11.0-1 -...

9.8CVSS7.4AI score0.23941EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.73 views

Mozilla Thunderbird < 91.11

The version of Thunderbird installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showe...

9.8CVSS7.8AI score0.23941EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.43 views

Oracle Linux 7 : thunderbird (ELSA-2022-5480)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5480 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.11.0-2 - Update to...

9.8CVSS7.4AI score0.23941EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2022/06/30 11:21 p.m.3 views

Mozilla: CSP bypass enabling stylesheet injection

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

6.5CVSS7.3AI score0.0058EPSS
Exploits0References5
Veracode
Veracode
added 2022/06/29 6:1 p.m.24 views

Information Disclosure

Mermaid is vulnerable to information disclosure. The vulnerability exists due to a css injection into the generated graph allowing for arbitrary graph modification leading to information disclosure by querying form data by css selectors...

6.1CVSS6AI score0.00849EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2022/06/29 12:35 p.m.29 views

CVE-2022-31744

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy...

6.5CVSS2.9AI score0.0058EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/06/29 12:0 a.m.32 views

Mozilla Firefox ESR < 91.11

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10...

9.8CVSS7.7AI score0.23941EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2022/06/29 12:0 a.m.33 views

Mozilla Firefox ESR < 91.11

The version of Firefox ESR installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of...

9.8CVSS7.7AI score0.23941EPSS
Exploits2References10
NVD
NVD
added 2022/06/28 7:15 p.m.12 views

CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS0.00849EPSS
Exploits1References2
OSV
OSV
added 2022/06/28 7:15 p.m.1 views

UBUNTU-CVE-2022-31108

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

6.1CVSS6.5AI score0.00849EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/06/28 6:35 p.m.19 views

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

4.1CVSS6.2AI score0.00849EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/06/28 6:35 p.m.3 views

CVE-2022-31108 Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the...

4.1CVSS6.3AI score0.00849EPSS
Exploits1References2
Mozilla
Mozilla
added 2022/06/28 12:0 a.m.195 views

Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. Session history navigations m...

9.8CVSS0.7AI score0.01064EPSS
Exploits0References15Affected Software1
Rows per page
Query Builder