243 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
The permission prompt input delay may expire if the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox 124, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux – Vulnerability in Firefox and Thunderbird
By displaying a form validation message in the correct location at the same time as a permission prompt such as for geolocation, the validation message could potentially obscure the prompt, allowing the user to be tricked into granting the permission. This vulnerability affects Firefox 94,...
JLSEC-2026-105 Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
MiracleLinux 7 : firefox-91.9.0-1.0.1.el7.AXS7 (AXSA:2022-3176:11)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3176:11 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...
MiracleLinux 8 : firefox-91.9.0-1.el8.ML.1 (AXSA:2022-3174:10)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3174:10 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...
MiracleLinux 7 : firefox-91.3.0-1.0.1.el7.AXS7 (AXSA:2021-2530:32)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2530:32 advisory. Mozilla: Use-after-free in HTTP2 Session object Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Mozilla: iframe sandbox rules d...
CVE-2025-48597
In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2014-1575
Malware in sbrugna...
EUVD-2020-4736
Malware in sbrugna...
EUVD-2021-24960
Malware in sbrugna...
EUVD-2019-3435
Malware in sbrugna...
EUVD-2018-17866
Malware in sbrugna...
EUVD-2024-27558
Malicious code in bioql PyPI...
EUVD-2023-0507
Malicious code in bioql PyPI...
EUVD-2024-2077
Malicious code in bioql PyPI...
Security update for chromium, gn (important)
openSUSE Security Update: Security update for chromium, gn Announcement ID: openSUSE-SU-2025:0336-1 Rating: important References: 1249093 Cross-References: CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes four...
Linux Distros Unpatched Vulnerability : CVE-2018-6103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2021-38508
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have...
CVE-2024-27936
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...
firefox: thunderbird: Origin of permission prompt could be spoofed by long URL
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Truncation of a long URL could have allowed origin spoofing in a permission prompt...