4 matches found
CVE-2018-5143
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting XSS attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...
CVE-2018-5143
CVE-2018-5143 is reported against Mozilla Firefox versions before 59.0. The issue arises when a javascript: URL containing a tab character bypasses protocol removal in the address bar, enabling an XSS-style impact where a user could be socially engineered to execute a script in their own browser....
USN-3596-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...
CVE-2018-5143
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting XSS attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially...