
256 matches found

BDU FSTEC
added 2025/06/18 12:0 a.m. | 6 views

The vulnerability in the JavaScript URI Handler component of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird allows a hacker to escalate their privileges.

The vulnerability of the JavaScript URI Handler component in Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird relates to reading data beyond the memory boundaries. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 9.4 | AI score 7.6 | EPSS 0.00379
Exploits: 0 | References: 19 | Affected Software: 8

RedhatCVE
added 2025/05/23 9:41 a.m. | 7 views

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

CVSS 8.1 | AI score 6.4 | EPSS 0.00387
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:32 a.m. | 9 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

CVSS 6.1 | AI score 6.4 | EPSS 0.00283
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:31 a.m. | 6 views

CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...

CVSS 4.7 | AI score 6.3 | EPSS 0.00313
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:31 a.m. | 7 views

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVSS 7.8 | AI score 6.3 | EPSS 0.00278
Exploits: 0 | References: 1

RedHat Linux
added 2025/05/15 5:29 p.m. | 8 views

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...

CVSS 9.1 | AI score 7.4 | EPSS 0.00379
Exploits: 0 | References: 10

RedHat Linux
added 2025/05/15 4:29 p.m. | 4 views

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...

CVSS 9.1 | AI score 7.4 | EPSS 0.00379
Exploits: 0 | References: 10

RedHat Linux
added 2025/05/14 1:55 a.m. | 7 views

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...

CVSS 9.1 | AI score 7.4 | EPSS 0.00379
Exploits: 0 | References: 10

OSV
added 2025/05/09 12:42 p.m. | 3 views

OESA-2025-1488 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting...

CVSS 9.1 | AI score 7.9 | EPSS 0.00538
Exploits: 0 | References: 7

RedHat Linux
added 2025/05/05 10:13 a.m. | 11 views

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...

CVSS 9.1 | AI score 7.4 | EPSS 0.00379
Exploits: 0 | References: 10

SUSE Linux
added 2025/04/30 6:59 a.m. | 3 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 bsc1241621: CVE-2025-2817: Potential privilege escalation in Firefox Updater MFSA-RESERVE-2025-193709: WebGL shader attribute memory corruption in Firefox for macOS...

CVSS 8.5 | AI score 8.8 | EPSS 0.00538
Exploits: 0 | References: 4

OSV
added 2024/04/17 5:33 p.m. | 5 views

GHSA-8RMM-GM28-PJ8Q Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as the SAML Assertion Consumer Service (ACS) POST Binding URL, including JavaScript URIs (javascript:). Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

CVSS 6 | AI score 6 | EPSS 0.00711
Exploits: 0 | References: 10

OSV
added 2024/02/22 3:15 p.m. | 8 views

CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...

CVSS 4.7 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 2

OSV
added 2024/02/22 3:15 p.m. | 6 views

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVSS 7.8 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 2

NVD
added 2024/02/22 3:15 p.m. | 18 views

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVSS 7.8 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 2

Prion
added 2024/02/22 3:15 p.m. | 20 views

Design/Logic Flaw

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

AI score 6.7 | EPSS 0.00278
Exploits: 0 | References: 2

Prion
added 2024/02/22 3:15 p.m. | 20 views

Code injection

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...

AI score 6.9 | EPSS 0.00313
Exploits: 0 | References: 2

Debian CVE
added 2024/02/22 2:56 p.m. | 23 views

CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...

CVSS 4.7 | AI score 4.4 | EPSS 0.00313
Exploits: 0

Debian CVE
added 2024/02/22 2:56 p.m. | 27 views

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

CVSS 7.8 | AI score 7 | EPSS 0.00278
Exploits: 0

CVE
added 2024/02/22 2:56 p.m. | 8151 views

CVE-2024-1563

CVE-2024-1563 affects Mozilla Firefox for iOS Focus prior to version 122. The issue is a timeout race condition involving opening an external URL with a custom Firefox scheme, allowing an attacker to run unauthorized scripts on the top-origin page via a JavaScript URI. Connected documents confirm...

CVSS 8.1 | AI score 6.2 | EPSS 0.00387
Exploits: 0 | References: 2 | Affected Software: 1