15 matches found
CVE-2012-10032
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...
CVE-2024-3460
In KioWare for Windows versions all through 8.34 it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. ...
SUSE CVE-2022-22748
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-22739
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Important: thunderbird
Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. CVE-2021-4140 The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have lea...
Mozilla: Spoofed origin on external protocol launch dialog
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...
Mozilla: Missing throttling on external protocol launch dialog
The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...
Mozilla: Missing throttling on external protocol launch dialog
The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...
Security Vulnerabilities fixed in Firefox 96 — Mozilla
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...
Mozilla Firefox ESR < 91.5
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-02 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...
Pornhub: Stored XSS in galleries - https://www.redtube.com/gallery/[id] path
Researcher successfully closed the image 'alt' attribute and injected javascript by intercepting the album creation request and submitting an XSS payload as the album title. This led to stored cross-site scripting on the user's album page, executed against any users who visited the album. Stored...
Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections
Researcher successfully closed the image 'alt' attribute and injected javascript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
HP Info Center ActiveX Control Multiple Remote Vulnerabilities
The remote host contains the HP Quick Launch Button software, part of the HP Info Center software installed by default on many HP and Compaq laptop models. The version of this software on the remote host includes an ActiveX control that reportedly contains three insecure methods - 'GetRegValue',...