3797 matches found
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in improper restrictions on the number of user interface layers that can be displayed. This allows attackers to carry out clickjacking attacks.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of user interface layers that are displayed when loading invalid TLS certificates. Exploiting this vulnerability allows a remote attacker to carry out a...
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
Mozilla: Click-jacking certificate exceptions through rendering lag
The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to clickjacking (CVE-2023-23482)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability of missing X-Frame-Options Header which leads to Clickjacking. Vulnerability Details CVEID:CVE-2023-23482 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote attacker to hijack the clicking action ...
CVE-2023-23482 IBM Sterling Partner Engagement Manager clickjacking
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
CVE-2023-23482 IBM Sterling Partner Engagement Manager clickjacking
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
CVE-2023-3140
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
CVE-2023-3140
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
Design/Logic Flaw
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
CVE-2023-3140
CVE-2023-3140 affects KNIME Business Hub prior to 1.4.0. The root cause is a missing HTTP security header set (X-Frame-Options and Content-Security-Policy), enabling clickjacking where an attacker can embed the app in a malicious page and trick users into actions on the original site. Impact deta...
CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
PT-2023-23297 · Knime · Knime Business Hub
Name of the Vulnerable Software and Affected Versions: KNIME Business Hub versions prior to 1.4.0 Description: The issue is related to missing HTTP headers, specifically X-Frame-Options and Content-Security-Policy, in KNIME Business Hub. This omission leaves users vulnerable to clickjacking...
The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to expose accounting data for authentication purposes and carry out clickjacking attacks.
The vulnerability of the ABB eSOMS production process management software lies in the absence of the X-Frame-Options header in HTTP responses. Exploiting this vulnerability allows a remote attacker to obtain authentication credentials and perform clickjacking attacks...
Cloudflare WARP 安全漏洞
Cloudflare WARP Cloudflare Vpn is a client application for secure connections from Cloudflare, Inc. in the United States. A security vulnerability exists in Cloudflare WARP that stems from a misconfiguration that makes it susceptible to clickjacking attacks...
Mozilla: Potential permissions request bypass via clickjacking
The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions...
Mozilla: Potential permissions request bypass via clickjacking
The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions...
ALSA-2023:3220 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fixes: Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver...