
50 matches found

RedHat Linux
added 2024/12/02 1:28 a.m. | 2 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVSS 6.1 | AI score 7.2 | EPSS 0.00495
Exploits: 0 | References: 10
SUSE CVE
added 2024/11/27 4:4 a.m. | 2 views

SUSE CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.3 | AI score 5.8 | EPSS 0.00495
Exploits: 0 | References: 14
RedhatCVE
added 2024/11/26 10:23 p.m. | 16 views

CVE-2024-11694

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVSS 6.1 | AI score 5.6 | EPSS 0.00495
Exploits: 0 | References: 9
OSV
added 2024/11/26 2:15 p.m. | 10 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 | AI score 5.1
Exploits: 0 | References: 8
Vulnrichment
added 2024/11/26 1:33 p.m. | 6 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

AI score 6.3 | EPSS 0.00495
Exploits: 0 | References: 7
Cvelist
added 2024/11/26 1:33 p.m. | 16 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

EPSS 0.00495
Exploits: 0 | References: 7
CVE
added 2024/11/26 1:33 p.m. | 350 views

CVE-2024-11694

The CVE-2024-11694 issue is a CSP frame-src bypass and DOM-based XSS stemming from Enhanced Tracking Protection in Mozilla products via the Web Compatibility extension’s Google SafeFrame shim. Affected: Firefox versions <133, Firefox ESR <128.5, Firefox ESR <115.18, Thunderbird <133, ...

CVSS 6.1 | AI score 6.3 | EPSS 0.00495
Exploits: 0 | References: 8 | Affected Software: 2
Debian CVE
added 2024/11/26 1:33 p.m. | 11 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 | AI score 6.9 | EPSS 0.00495
Exploits: 0
AlpineLinux
added 2024/11/26 1:33 p.m. | 24 views

CVE-2024-11694

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...

CVSS 6.1 | AI score 6.5 | EPSS 0.00495
Exploits: 0
Kaspersky
added 2024/11/26 12:0 a.m. | 15 views

KLA77555 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Security vulnerability in Enhanced Tracking Protection’s Strict mode can be...

CVSS 8.8 | AI score 8.2 | EPSS 0.00704
Exploits: 0 | References: 3
Kaspersky
added 2024/11/26 12:0 a.m. | 64 views

KLA77549 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be...

CVSS 9.8 | AI score 9.2 | EPSS 0.00833
Exploits: 0 | References: 3
RedHat Linux
added 2024/08/13 4:24 p.m. | 2 views

mozilla: CSP strict-dynamic bypass using web-compatibility shims

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

CVSS 6.1 | AI score 7.2 | EPSS 0.00461
Exploits: 0 | References: 5
RedhatCVE
added 2024/08/07 4:8 p.m. | 19 views

CVE-2024-7524

The Mozilla Foundation Security Advisory describes this flaw as: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element coul...

CVSS 6.1 | AI score 9.1 | EPSS 0.00461
Exploits: 0 | References: 4
AlpineLinux
added 2024/08/06 1:15 p.m. | 19 views

CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

AI score 5.9 | EPSS 0.00461
Exploits: 0
OSV
added 2024/08/06 1:15 p.m. | 11 views

CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

CVSS 6.1 | AI score 5.6
Exploits: 0 | References: 4
OSV
added 2024/08/06 1:15 p.m. | 1 view

DEBIAN-CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

CVSS 6.1 | AI score 7.3 | EPSS 0.00461
Exploits: 0 | References: 1
UbuntuCve
added 2024/08/06 1:15 p.m. | 20 views

CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

CVSS 6.1 | AI score 6.8 | EPSS 0.00461
Exploits: 0 | References: 8
OSV
added 2024/08/06 1:15 p.m. | 3 views

UBUNTU-CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

CVSS 6.1 | AI score 5.6 | EPSS 0.00461
Exploits: 0 | References: 9
Vulnrichment
added 2024/08/06 12:38 p.m. | 14 views

CVE-2024-7524

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and...

AI score 6.1 | EPSS 0.00461
Exploits: 0 | References: 4
FreeBSD
added 2024/08/06 12:0 a.m. | 27 views

firefox -- multiple vulnerabilities

[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...

AI score 6.6
Exploits: 0 | References: 4