684 matches found
CVE-2021-38508
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
Updated firefox packages fix security vulnerability
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...
Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's...
Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
Oracle Linux 7 : thunderbird (ELSA-2021-4134)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4134 advisory. 91.3.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.3.0-2 - Update to 19.3.0 build2 91.3.0-1 - Upda...
Oracle Linux 8 : thunderbird (ELSA-2021-4130)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4130 advisory. 91.3.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.3.0-2 - Update to 19.3.0 build2 91.3.0-1 - Upda...
Oracle Linux 8 : firefox (ELSA-2021-4123)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4123 advisory. 91.3.0-1.0.1 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.3.0-1 - Update to 91.3.0...
Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
Mozilla Firefox has an unspecified vulnerability (CNVD-2021-101166)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox, which stems from the fact that by displaying form validity messages in the correct location, as well as permission prompts such as geolocation, the validity...
Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
CVE-2021-38508
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
CVE-2021-38508
By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...
Mozilla Thunderbird < 91.3
The version of Thunderbird installed on the remote Windows host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions...
Mozilla Thunderbird < 91.3
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5131-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5131-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox, which stems from the fact that by displaying form validity messages in the correct location, as well as permission prompts such as geolocation, the validity...
Esri Portal for ArcGIS Elevation of Privilege Vulnerability
Esri Portal for ArcGIS is a Web-oriented, enterprise-class software platform for providing geolocation services from Esri. Esri Portal for ArcGIS 10.9 and earlier versions have an elevation of privilege vulnerability that could be exploited by a remote attacker authenticated to emulate another...
How Google Geofence Warrants Helped Catch Capitol Rioters
A WIRED investigation has found 45 federal criminal cases that cite Google geolocation data to place suspects inside the US Capitol during the January 6 riot...
GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.” Zimperium uncovered more than 130...