Mozilla: Clickjacking permission prompts using the fullscreen transition

The Mozilla Foundation Security Advisory describes this flaw as: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant butto...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Mozilla: Clickjacking permission prompts using the fullscreen transition

The Mozilla Foundation Security Advisory describes this flaw as: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant butto...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Mozilla: Clickjacking permission prompts using the fullscreen transition

The Mozilla Foundation Security Advisory describes this flaw as: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant butto...

Fedora 39 : thunderbird (2023-985a025a03)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-985a025a03 advisory. Update to 115.5.0 https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/ https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes/...

The vulnerability of the HTTPS-only Mode setting in the Firefox browser allows attackers to carry out clickjacking attacks.

The vulnerability of the HTTPS-only Mode setting in the Firefox browser is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...

RHEL 8 : firefox (RHSA-2023:7508)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7508 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

ALSA-2023:7501 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fixes: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in MessagePort::Entangled CVE-2023-6205 Mozilla: Clickjacking...

ALSA-2023:7508 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.5.0 ESR. Security Fixes: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in...

ALSA-2023:7500 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fixes: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in MessagePort::Entangled CVE-2023-6205 Mozilla: Clickjacking...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fixes: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in MessagePort::Entangled CVE-2023-6205 Mozilla: Clickjacking...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.5.0 ESR. Security Fixes: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.5.0 ESR. Security Fixes: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in...

SUSE CVE-2023-6206

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox 12...

Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection

Description The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Debian: Security Advisory (DLA-3661-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3661-1] firefox-esr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3661-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 23, 2023 https://wiki.debian.org/LTS -...

The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows attackers to carry out clickjacking attacks.

The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...

Mozilla Firefox ESR Security Advisories (MFSA2023-49, MFSA2023-52) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...