
4382 matches found

Positive Technologies
added 2024/11/30 12:0 a.m. · 3 views

PT-2024-35884 · Pickplugins · Pickplugins Mail Picker

Name of the Vulnerable Software and Affected Versions: PickPlugins Mail Picker versions 1.0.14 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that an attacker...

CVSS 6.5 · AI score 9 · EPSS 0.00285
Exploits 0 · References 5

OpenVAS
added 2024/11/27 12:0 a.m. · 8 views

Mozilla Firefox ESR Security Update (MFSA2024-65) - Windows

Mozilla Firefox ESR is prone to an enhanced tracking protection CSP frame-src bypass and DOM-based XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

CVSS 6.1 · AI score 7.8 · EPSS 0.00495
Exploits 0 · References 2

RedhatCVE
added 2024/11/26 10:23 p.m. · 16 views

CVE-2024-11694

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVSS 6.1 · AI score 5.6 · EPSS 0.00495
Exploits 0 · References 9

OSV
added 2024/11/26 2:15 p.m. · 10 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 · AI score 5.1
Exploits 0 · References 8

OSV
added 2024/11/26 2:15 p.m. · 1 views

UBUNTU-CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 · AI score 7.3 · EPSS 0.00495
Exploits 0 · References 13

Vulnrichment
added 2024/11/26 1:33 p.m. · 5 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

AI score 6.3 · EPSS 0.00495
Exploits 0 · References 7

CVE
added 2024/11/26 1:33 p.m. · 349 views

CVE-2024-11694

The CVE-2024-11694 issue is a CSP frame-src bypass and DOM-based XSS stemming from Enhanced Tracking Protection in Mozilla products via the Web Compatibility extension’s Google SafeFrame shim. Affected: Firefox versions <133, Firefox ESR <128.5, Firefox ESR <115.18, Thunderbird <133, ...

CVSS 6.1 · AI score 6.3 · EPSS 0.00495
Exploits 0 · References 8 · Affected Software 2

Cvelist
added 2024/11/26 1:33 p.m. · 14 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

EPSS 0.00495
Exploits 0 · References 7

Debian CVE
added 2024/11/26 1:33 p.m. · 11 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 · AI score 6.9 · EPSS 0.00495
Exploits 0

AlpineLinux
added 2024/11/26 1:33 p.m. · 24 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 · AI score 6.5 · EPSS 0.00495
Exploits 0

Mozilla
added 2024/11/26 12:0 a.m. · 15 views

Security Vulnerabilities fixed in Firefox ESR 115.18 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. Enhanced Tracking Protection's Strict...

CVSS 8.8 · AI score 6.2 · EPSS 0.00704
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2024/11/26 12:0 a.m. · 9 views

Mozilla Firefox ESR < 115.18

The version of Firefox ESR installed on the remote Windows host is prior to 115.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-65 advisory. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XS...

CVSS 8.8 · AI score 7.9 · EPSS 0.00704
Exploits 0 · References 3

NVD
added 2024/11/19 5:15 p.m. · 13 views

CVE-2024-51938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Charity Addon for Elementor charity-addon-for-elementor allows DOM-Based XSS. This issue affects Charity Addon for Elementor: from n/a through = 1.3.2...

CVSS 6.5 · EPSS 0.00263
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 27 views

CVE-2024-51933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dozyde Cookie Nonsense for YT yt-cookie-nonsense allows DOM-Based XSS. This issue affects Cookie Nonsense for YT: from n/a through = 1.2.0...

CVSS 6.5 · EPSS 0.00231
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 8 views

CVE-2024-51932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saif Kings Tab Slider kings-tab-slider allows DOM-Based XSS. This issue affects Kings Tab Slider: from n/a through = 1.0...

CVSS 6.5 · EPSS 0.00245
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 9 views

CVE-2024-51929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in philspectrum Icon Widget icon-widget-with-links allows DOM-Based XSS. This issue affects Icon Widget: from n/a through = 1.1.0...

CVSS 6.5 · EPSS 0.00274
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 13 views

CVE-2024-51931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shazahanul Islam Shohag AzonBox azonbox allows DOM-Based XSS. This issue affects AzonBox: from n/a through = 1.1.2...

CVSS 6.5 · EPSS 0.00231
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 9 views

CVE-2024-51928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakir Hasan Blocks Post Grid blocks-post-grid allows DOM-Based XSS. This issue affects Blocks Post Grid: from n/a through = 1.0.3...

CVSS 6.5 · EPSS 0.00253
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 13 views

CVE-2024-51927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asaduzzaman Abir Rig Elements For Elementor rig-elements allows DOM-Based XSS. This issue affects Rig Elements For Elementor: from n/a through = 1.0...

CVSS 6.5 · EPSS 0.00245
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 16 views

CVE-2024-51921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in midori scrollup scrollup allows DOM-Based XSS. This issue affects scrollup: from n/a through = 1.1...

CVSS 6.5 · EPSS 0.00302
Exploits 0 · References 1