105 matches found

RedHat Linux
added 2025/08/11 5:30 p.m. · 3 views

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

CVSS 8.1 · AI score 7.3 · EPSS 0.00277
Exploits: 0 · References: 6
RedHat Linux
added 2025/07/31 11:33 a.m. · 3 views

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

CVSS 8.1 · AI score 7.3 · EPSS 0.00277
Exploits: 0 · References: 6
RedHat Linux
added 2025/07/30 9:42 a.m. · 2 views

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

CVSS 8.1 · AI score 7.3 · EPSS 0.00277
Exploits: 0 · References: 6
ATTACKERKB
added 2025/07/22 8:49 p.m. · 3 views

CVE-2025-8029

Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVSS 8.1 · AI score 5.8 · EPSS 0.00277
Exploits: 0 · References: 8
OSV
added 2025/07/04 8:15 a.m. · 2 views

CVE-2025-53599

Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browser via a crafted javascript scheme...

CVSS 9.8 · AI score 5.9 · EPSS 0.0041
Exploits: 0 · References: 1
Cvelist
added 2025/07/04 7:20 a.m. · 5 views

CVE-2025-53599

Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browser via a crafted javascript scheme...

EPSS 0.0041
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/04 12:0 a.m. · 2 views

PT-2025-27863 · Unknown · Whale Browser

Name of the Vulnerable Software and Affected Versions: Whale browser for iOS versions prior to 3.9.1.4206 Description: The issue allows an attacker to execute malicious scripts in the browser via a crafted JavaScript scheme. This can be achieved by manipulating a specific JavaScript scheme...

CVSS 9.8 · AI score 6.3 · EPSS 0.0041
Exploits: 0 · References: 4
CNNVD
added 2025/07/04 12:0 a.m. · 2 views

Naver Whale browser for iOS security vulnerability

Naver Whale browser for iOS is a browser from the South Korean company Naver. A security vulnerability exists in Naver Whale browser for iOS prior to version 3.9.1.4206, which originates from a specially crafted JavaScript scheme that could lead to the execution of malicious scripts...

CVSS 9.8 · AI score 6.5 · EPSS 0.0041
Exploits: 0 · References: 1
RedHat Linux
added 2025/05/15 5:7 p.m. · 4 views

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...

CVSS 9.1 · AI score 7.4 · EPSS 0.00222
Exploits: 0 · References: 10
CNNVD
added 2025/04/29 12:0 a.m. · 2 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 138, which stems from mishandling of the javascript: URI, which could lead to a sandbox escape...

CVSS 9.1 · AI score 8.3 · EPSS 0.00222
Exploits: 0 · References: 7
NVD
added 2025/03/19 4:15 p.m. · 5 views

CVE-2025-30196

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...

CVSS 6.5 · EPSS 0.00164
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 9:12 a.m. · 4 views

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning, for example, Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 · AI score 6.8 · EPSS 0.00839
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/20 8:24 p.m. · 10 views

CVE-2024-56357 Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript: scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1...

CVSS 8.1 · AI score 8 · EPSS 0.00711
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/20 12:0 a.m. · 1 views

PT-2024-36801 · Unknown · Grist-Core

Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.3.2 Description: The issue arises when a user visits a malicious document and clicks on a link in a HyperLink cell using a control modifier, such as Ctrl+click. This could lead to account compromise, as the link...

CVSS 8.1 · AI score 7.1 · EPSS 0.00839
Exploits: 0 · References: 7
Positive Technologies
added 2024/12/20 12:0 a.m. · 2 views

PT-2024-36799 · Unknown · Grist-Core

Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.3.1 Description: A user visiting a malicious document or submitting a malicious form could have their account compromised due to the ability to use the javascript: scheme with custom widget URLs and form redirec...

CVSS 8.1 · AI score 7.2 · EPSS 0.00711
Exploits: 0 · References: 7
OSV
added 2024/08/05 9:29 p.m. · 10 views

GHSA-WW7P-8GFG-V82R Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior (corresponding to @scrypted/core 0.1.142 and prior), a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a URL with the javascript scheme...

CVSS 6.1 · AI score 5.9 · EPSS 0.00098
Exploits: 1 · References: 4
Github Security Blog
added 2024/08/05 9:29 p.m. · 10 views

Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior (corresponding to @scrypted/core 0.1.142 and prior), a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a URL with the javascript scheme...

CVSS 6.1 · AI score 6.1 · EPSS 0.00098
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/04/04 12:0 a.m. · 2 views

PT-2024-23307

Name of the Vulnerable Software and Affected Versions: Typebot versions prior to 2.24.0 Description: A reflected cross-site scripting (XSS) issue in the sign-in page of typebot.io may allow an attacker to hijack a user's account. The sign-in page takes the redirectPath parameter from the URL. If a us...

CVSS 9.3 · AI score 6 · EPSS 0.00744
Exploits: 1 · References: 10
Positive Technologies
added 2024/01/22 12:0 a.m. · 3 views

PT-2024-15683 · Facebook · Focus

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122 Description: The issue allows an attacker to execute unauthorized scripts on top origin sites in the urlbar by using a javascript: URI with a setTimeout race condition. This bypasses security measures,...

CVSS 7.5 · AI score 7.7 · EPSS 0.00036
Exploits: 0 · References: 6
CNNVD
added 2024/01/22 12:0 a.m. · 2 views

Mozilla Focus security vulnerability

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. A code execution vulnerability exists in Mozilla Focus for iOS due to a race condition when using a javascript: URI with setTimeout. An attacker can exploit the vulnerability to execute arbitrary code on the system...

CVSS 7.5 · AI score 7.8 · EPSS 0.00036
Exploits: 0 · References: 4