122 matches found
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
UBUNTU-CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
nodejs: Bypass network import restriction via data URL
A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...
PT-2023-22267 · Red Bull · Laola.Redbull
Name of the Vulnerable Software and Affected Versions: laola.redbull application through 5.1.9-R for Android Description: The laola.redbull application exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI...
SUSE CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...
SUSE CVE-2007-1262
Multiple cross-site scripting XSS vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the 1 data: URI in an HTML e-mail attachment or 2 various non-ASCII character sets that are not properly filtered when viewed...
SUSE CVE-2007-3820
konqueror/konqcombo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...
SUSE CVE-2007-3819
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...
SUSE CVE-2008-2803
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...
SUSE CVE-2009-4363
TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...
SUSE CVE-2014-1504
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...