Lucene search
K

185 matches found

Cvelist
Cvelist
added 2020/05/26 5:2 p.m.31 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.9AI score0.01351EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/05/26 5:2 p.m.33 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS8.9AI score0.01351EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/05/26 5:2 p.m.43 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS8AI score0.01351EPSS
Exploits0
Veracode
Veracode
added 2019/11/25 1:42 a.m.17 views

Cross-Site Scripting (XSS)

Pannellum is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser due to insufficient sanitization for data URLs such as vbscript:...

6.1CVSS3.2AI score0.00697EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2019/05/02 5:51 a.m.20 views

Privilege Escalation

Firefox Firefox ESR and Thunderbird are vulnerable to privilege escalation. A remote user can create a specially crafted SVG image that, when loaded by the target user, will access restricted external resources via 'data:' URLs. The affected component is SVG Image Handler...

7.5CVSS8.4AI score0.09931EPSS
Exploits1References12Affected Software3
OSV
OSV
added 2019/04/26 5:29 p.m.4 views

CVE-2019-9808

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This...

5.3CVSS6.6AI score0.00397EPSS
Exploits0References2
Prion
Prion
added 2019/04/26 5:29 p.m.15 views

Design/Logic Flaw

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This...

5CVSS6.2AI score0.00397EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/26 4:10 p.m.17 views

CVE-2019-9808

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This...

6.3AI score0.00397EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/04/26 4:10 p.m.25 views

CVE-2019-9808

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This...

5.3CVSS7.5AI score0.00397EPSS
Exploits0
NVD
NVD
added 2019/01/09 7:29 p.m.19 views

CVE-2018-20069

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

4.3CVSS3.5AI score0.00432EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/01/09 7:0 p.m.19 views

CVE-2018-20069

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

5AI score0.00432EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/01/09 7:0 p.m.27 views

CVE-2018-20069

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

4.3CVSS5.1AI score0.00432EPSS
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.9 views

CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

7.5CVSS8.8AI score
Exploits0References10
Prion
Prion
added 2018/06/11 9:29 p.m.24 views

Cross site scripting

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

5CVSS6AI score0.09931EPSS
Exploits1References10Affected Software10
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.28 views

CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

8AI score0.09931EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.38 views

CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

7.5CVSS8.9AI score0.09931EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2018/03/14 12:0 a.m.21 views

CVE-2018-5142

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...

5.3CVSS6.7AI score0.01213EPSS
Exploits0References3
OSV
OSV
added 2018/03/14 12:0 a.m.2 views

UBUNTU-CVE-2018-5142

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...

5.3CVSS6.7AI score0.01213EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2017/11/16 12:0 a.m.32 views

Mozilla Firefox Security Advisories (MFSA2017-24, MFSA2017-25) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10CVSS8.6AI score0.07439EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/10/30 12:0 a.m.54 views

SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1)

This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 bsc1060445 - MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating...

10CVSS7.6AI score0.03641EPSS
Exploits3References21
Rows per page
Query Builder