Lucene search
K

122 matches found

redhat
redhat
added 2024/11/07 3:23 p.m.5 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/11/07 3:19 p.m.5 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/11/04 1:46 a.m.4 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 8:14 p.m.6 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 8:5 p.m.7 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 8:1 p.m.5 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 7:53 p.m.6 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 7:48 p.m.6 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 7:34 p.m.5 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/10/31 7:28 p.m.4 views

firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

5.4CVSS7.3AI score0.00291EPSS
Exploits0References9
osv
osv
added 2024/10/29 1:15 p.m.3 views

UBUNTU-CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

5.4CVSS6.8AI score0.00291EPSS
Exploits0References9
redhat
redhat
added 2024/09/03 2:29 a.m.2 views

nodejs: Bypass network import restriction via data URL

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...

6.5CVSS7.5AI score0.01104EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/06/26 12:0 a.m.11 views

PT-2023-22267 · Red Bull · Laola.Redbull

Name of the Vulnerable Software and Affected Versions: laola.redbull application through 5.1.9-R for Android Description: The laola.redbull application exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI...

6.1CVSS7AI score0.00649EPSS
Exploits2References5
susecve
susecve
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page...

6.8CVSS6.6AI score0.01467EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1262

Multiple cross-site scripting XSS vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the 1 data: URI in an HTML e-mail attachment or 2 various non-ASCII character sets that are not properly filtered when viewed...

4.3CVSS5.9AI score0.0253EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:11 a.m.1 views

SUSE CVE-2007-3820

konqueror/konqcombo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...

2.6CVSS6.9AI score0.02562EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3819

Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...

5CVSS6.9AI score0.02002EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 6:7 a.m.5 views

SUSE CVE-2008-2803

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...

6.8CVSS7.8AI score0.03213EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-4363

TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...

4.3CVSS5.5AI score0.0137EPSS
Exploits1References5
susecve
susecve
added 2023/02/15 5:31 a.m.5 views

SUSE CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document that is accessed after a browser restart...

2.6CVSS7.7AI score0.02064EPSS
Exploits0References8
Rows per page
Query Builder