Lucene search

119 matches found

NVD
added 2018/06/11 9:29 p.m. | 14 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

CVSS 5.3 | AI score 4.8 | EPSS 0.00506
Exploits 0 | References 5

Prion
added 2018/06/11 9:29 p.m. | 15 views

Arbitrary file deletion

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...

CVSS 5 | AI score 6.1 | EPSS 0.00272
Exploits 1 | References 4 | Affected Software 1

Prion
added 2018/06/11 9:29 p.m. | 11 views

Code injection

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

CVSS 5 | AI score 6.2 | EPSS 0.00506
Exploits 0 | References 5 | Affected Software 2

Prion
added 2018/06/11 9:29 p.m. | 15 views

Design/Logic Flaw

WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox 59...

CVSS 5 | AI score 7.5 | EPSS 0.01171
Exploits 0 | References 5 | Affected Software 1

Debian CVE
added 2018/06/11 9:0 p.m. | 29 views

CVE-2017-7812

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...

CVSS 5.3 | AI score 7.5 | EPSS 0.00272
Exploits 1

Cvelist
added 2018/06/11 9:0 p.m. | 21 views

CVE-2017-7812

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...

AI score 6.3 | EPSS 0.00272
Exploits 1 | References 4

CVE
added 2018/04/20 9:0 p.m. | 36 views

CVE-2018-10174

The CVE concerns Digital Guardian Management Console 7.1.2.0015 with a server-side request forgery (SSRF) vulnerability. The issue lets remote attackers induce the console to access file:// URLs to read arbitrary files, and to send TCP traffic to intranet hosts or obtain NTLM hashes, even when th...

CVSS 6.5 | AI score 6.5 | EPSS 0.00178
Exploits 2 | References 1 | Affected Software 1

OSV
added 2018/03/31 9:29 p.m. | 27 views

CVE-2018-9159

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

CVSS 5.3 | AI score 7.1
Exploits 0 | References 7

ATTACKERKB
added 2018/03/31 9:29 p.m. | 2 views

CVE-2018-9159

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

CVSS 5.3 | AI score 5.6 | EPSS 0.00787
Exploits 0 | References 8

Cvelist
added 2018/03/31 9:0 p.m. | 24 views

CVE-2018-9159

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

AI score 5.2 | EPSS 0.00787
Exploits 0 | References 7

Hacker One
added 2017/12/31 12:8 a.m. | 14 views

Automattic: Remote Code Execution in Wordpress Desktop

An attacker can create a malicious page that when viewed or edited in Wordpress Desktop App will result in remote code execution. This issue looks to be around this line of code: https://github.com/Automattic/wp-desktop/blob/develop/desktop/window-handlers/external-links/index.jsL38 If...

AI score 0.8
Exploits 0

0day.today
added 2017/11/05 12:0 a.m. | 18 views

Tor Browser 7.0.8 IP Address Leak Vulnerability

TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address...

AI score 6.9
Exploits 0

ThreatPost
added 2017/11/04 7:0 a.m. | 11 views

Tor Browser Users Urged to Patch Critical ‘TorMoil’ Vulnerability

The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser. The patch was issued late Friday and fixes a vulnerability found in Tor Browser version 7.0.8. The patch is in an upgrade to Tor Browser 7.0.9. Windows users running...

AI score 7.3
Exploits 0 | References 5

0day.today
added 2017/10/02 12:0 a.m. | 33 views

Microsoft Office 2007 Groove Security Bypass / Code Execution Exploit

Microsoft Office 2007 Groove contains a security bypass issue regarding 'Workspace Shortcut' files .GLK because it allows arbitrary registered URL Protocols to be passed, when only 'grooveTelespace://' URLs should be allowed, which allows execution of arbitrary code upon opening a 'GLK' file...

AI score 7.5
Exploits 0

OSV
added 2017/10/02 12:0 a.m. | 0 views

UBUNTU-CVE-2017-7812

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...

CVSS 5.3 | AI score 6.8 | EPSS 0.00272
Exploits 1 | References 4

UbuntuCve
added 2017/10/02 12:0 a.m. | 18 views

CVE-2017-7812

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...

CVSS 5.3 | AI score 6.8 | EPSS 0.00272
Exploits 1 | References 3

CVE
added 2014/09/03 10:0 a.m. | 49 views

CVE-2014-1566

CVE-2014-1566 affects Mozilla Firefox on Android (before 31.1). Affected component: processing of file: URLs allows a crafted application to copy local files to the SD card and exfiltrate data from the Firefox profile directory. Root cause noted as an incomplete fix for CVE-2014-1515. Impact desc...

CVSS 4.3 | AI score 8.4 | EPSS 0.0063
Exploits 0 | References 6 | Affected Software 1

Prion
added 2014/07/01 10:17 a.m. | 21 views

Code injection

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site...

CVSS 4.3 | AI score 6.5 | EPSS 0.00542
Exploits 0 | References 2 | Affected Software 1

seebug.org
added 2014/07/01 12:0 a.m. | 34 views

Apple Safari file:// Arbitrary Code Execution

No description provided by source. $Id: safarifilepolicy.rb 13967 2011-10-17 03:49:49Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

CVSS 6.8 | AI score 0.3 | EPSS 0.64547
Exploits 8

NVD
added 2014/03/19 10:55 a.m. | 14 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection...

CVSS 5.8 | AI score 9.1 | EPSS 0.00229
Exploits 0 | References 4