3797 matches found
CVE-2018-18496
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...
CVE-2018-18496
CVE-2018-18496 is a clickjacking vulnerability in Mozilla Firefox’s feed preview page about:feeds. When the RSS Feed preview is framed in another page, scripted content can coerce a user into downloading and executing an executable from a temporary directory. It affects Firefox versions earlier t...
Mozilla Firefox < 64.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images...
Mozilla Firefox < 64 Multiple Vulnerabilities
Binary data 700411.prm...
Gradle Plugin Portal: combining Clickjacking and CSRF vulnerabilities to achieve account takeover
A Clickjacking vulnerability. 1.1 About Clickjacking: Clickjacking, also referred to as a “user interface redress attack” (UI Redress Attack), is an attack in which the attacker uses multiple transparent or opaque layers to trick a user who intends to click on the top-level page into clicking on other pages on t...
Clickjacking
jboss is vulnerable to clickjacking attacks. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console Clickjacking...
CVE-2018-16172
Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate...
Input validation
Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate...
CVE-2018-16172
CVE-2018-16172 affects Cybozu Remote Service (versions 3.0.0–3.1.8). The issue is an improper countermeasure against clickjacking on the client certificates management screen, which could allow a remote attacker to trick a user into deleting the user’s registered client certificate. Impact descri...
Clickjacking Vulnerability in Hitachi Automation Director
Overview: A Clickjacking Vulnerability was found in Hitachi Automation Director. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Mail.ru: Make user buy items via clickjacking possibility
A clickjacking attack could force a user to buy an item on lootdog.io...
IBM BigFix Platform 9.2.x < 9.2.15 / 9.5.x < 9.5.10 Multiple Vulnerabilities
According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by multiple vulnerabilities: - IBM BigFix Platform is vulnerable to HTTP response splitting attacks, caused by...
Improper Restriction of Rendered UI Layers or Frames in Apache NiFi
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on...
GHSA-2XPP-75VR-22VQ Improper Restriction of Rendered UI Layers or Frames in Apache NiFi
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on...
Clickjacking Attack
nifi-web-api is vulnerable to clickjacking attacks. The vulnerability exists due to the way the X-Frame-Options headers were inconsistently applied on HTTP responses. This results in different outcomes, such as duplicate or missing security headers, causing some browsers to insecurely interpret t...
Design/Logic Flaw
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on...