179 matches found
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
SUSE-SU-2023:2489-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12...
Mozilla Firefox ESR Security Advisories (MFSA2023-18, MFSA2023-20) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox_esr";...
SUSE: Security Advisory (SUSE-SU-2023:2440-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
SUSE: Security Advisory (SUSE-SU-2023:2441-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
Mozilla Firefox Security Advisories (MFSA2023-18, MFSA2023-20) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Security Advisories (MFSA2023-18, MFSA2023-20) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Security Advisory (MFSA2023-20) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2023-20. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
GHSA-M5PM-RGVF-VG22 Apache OpenMeetings vulnerable to Cross-Site Request Forgery
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME-based attacks. The issue is fixed in version 3.3.0...
Security Bulletin: GDS component of IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-4960, CVE-2015-4958, CVE-2015-7414)
Summary: GDS component of IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Cross-Site Scripting, Caching of HTTP response and Click-Jacking vulnerabilities. Vulnerability Details: CVEID: CVE-2015-4960 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborative...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-1984, CVE-2015-1968, CVE-2015-1982, CVE-2015-1980)
Summary: IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation, Cross-Site Scripting, Server Path Disclosure and Click-Jacking vulnerabilities. Vulnerability Details: CVEID: CVE-2015-1984 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborativ...
Click Jacking
sylius/sylius is vulnerable to click-jacking attacks. An attacker can avoid login forms and load the malicious website within an iframe due to the missing HTTP headers...
CVE-2021-43048 TIBCO PartnerExpress Click-Jacking vulnerability
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...
TIBCO Security Advisory: November 16, 2021 - TIBCO PartnerExpress -2021-43048
TIBCO PartnerExpress Click-Jacking vulnerability. Original release date: November 16, 2021. Last revised: CVE-2021-43048 Source: TIBCO Software Inc. Products Affected: TIBCO PartnerExpress versions 6.2.1 and below. The following components are affected: Interior Server, Gateway Server. Description: The...
Mozilla Firefox Security Advisory (MFSA2012-75) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Design/Logic Flaw
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-35237
The CVE-2021-35237 entry describes a missing HTTP header (X-Frame-Options) in Kiwi Syslog Server, enabling clickjacking. Affected software: Kiwi Syslog Server; vulnerability is due to absence of the X-Frame-Options header in HTTP responses. Impact: potential user interaction manipulation via embe...
SUSE: Security Advisory (SUSE-SU-2013:0325-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
SUSE: Security Advisory (SUSE-SU-2013:0326-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...