822 matches found
SUSE CVE-2020-6518
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2021-4063
Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2022-1309
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
SUSE CVE-2022-3308
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
KLA20237 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security...
Mozilla Firefox < 110.0
The version of Firefox installed on the remote Windows host is prior to 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-05 advisory. - Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety...
KLA20235 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SQL Server...
The vulnerability of the DevTools set of tools for web development in the Google Chrome web browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the DevTools suite for web development in the Google Chrome web browser is related to type conversion errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially created HTML page...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Oracle Linux 7 : thunderbird (ELSA-2023-0456)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0456 advisory. 102.7.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.7.1-1 - Update to...
Oracle Linux 7 : firefox (ELSA-2023-0296)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0296 advisory. 102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5816-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5816-1 advisory. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new...
CVE-2023-23599
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Security Vulnerabilities fixed in Thunderbird 102.7 — Mozilla
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Thunderbird GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call...
UBUNTU-CVE-2023-23599
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mozilla Firefox ESR < 102.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...
Security Vulnerabilities fixed in Firefox ESR 102.7 — Mozilla
An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to...