2060 matches found
DEBIAN-CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2024-9959
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2024-9959
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2024-9965
CVE-2024-9965 concerns Google Chrome/Chromium DevTools on Windows prior to 130.0.6723.58. The Debian advisory confirms the vulnerability allows remote code execution through a crafted HTML page after certain user UI interactions, due to insufficient data validation in DevTools. Affected user agen...
CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2024-9959
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2024-9959
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2024-9959
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2024-9959
CVE-2024-9959 affects Google Chrome/Chromium with a Use-After-Free in DevTools prior to 130.0.6723.58. A remote attacker who has compromised the renderer could potentially exploit heap corruption via a crafted Chrome Extension. The issue is associated with the Chromium DevTools component and has ...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...
Google Chrome < 130.0.6723.58 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...