
537 matches found

RedHat Linux
added 2021/12/08 10:16 a.m. · 1 views

Mozilla: External protocol handler parameters were unescaped

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5 CVSS · 7.3 AI score · 0.00356 EPSS
Exploits 0 · References 4
RedHat Linux
added 2021/12/08 10:16 a.m. · 47 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

9.8 CVSS · 6.8 AI score · 0.00967 EPSS
Exploits 1 · References 11
RedHat Linux
added 2021/12/08 10:2 a.m. · 1 views

Mozilla: External protocol handler parameters were unescaped

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5 CVSS · 7.3 AI score · 0.00356 EPSS
Exploits 0 · References 4
RedHat Linux
added 2021/12/08 10:2 a.m. · 1 views

Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5 CVSS · 7.3 AI score · 0.00735 EPSS
Exploits 0 · References 4
OSV
added 2021/12/08 9:42 a.m. · 21 views

RLSA-2021:5013 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.4.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while...

9.8 CVSS · 8.9 AI score · 0.00967 EPSS
Exploits 1 · References 11
Tenable Nessus
added 2021/12/08 12:0 a.m. · 34 views

RHEL 7 : firefox (RHSA-2021:5014)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5014 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.8 CVSS · 7.9 AI score · 0.00967 EPSS
Exploits 1 · References 22
CNNVD
added 2021/12/07 12:0 a.m. · 1 views

Mozilla Firefox ESR Security Vulnerability

Mozilla Firefox ESR is an extended support version of the Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR that stems from a supplied parameter URL containing spaces not being properly escaped when invoking a protocol handler f...

6.5 CVSS · 7.7 AI score · 0.00356 EPSS
Exploits 0 · References 31
CNNVD
added 2021/12/07 12:0 a.m. · 2 views

Mozilla Firefox Permissions and Access Control Issues Vulnerability

Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to an input validation error in Mozilla Firefox ESR that results from a parameter URL containing spaces that is not properly escaped when invoking a protocol handler for an external protocol. A remote attacker...

6.5 CVSS · 5.7 AI score · 0.00362 EPSS
Exploits 0 · References 12
Positive Technologies
added 2021/11/16 12:0 a.m. · 1 views

PT-2021-6408 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft App Installer versions prior to 1.21.3421.0 Description: The issue is related to a spoofing vulnerability in the AppX installer that affects Microsoft Windows. This vulnerability can be exploited by attackers using specially crafted...

7.6 CVSS · 9 AI score · 0.25241 EPSS
Exploits 1 · References 27
OpenVAS
added 2021/11/08 12:0 a.m. · 23 views

Mozilla Firefox Security Advisory (MFSA2016-06) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.1 CVSS · 7.9 AI score · 0.00353 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2021/06/28 12:0 a.m. · 53 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests...

9.8 CVSS · 7.5 AI score · 0.60353 EPSS
Exploits 0 · References 19
NVD
added 2021/06/24 8:15 p.m. · 7 views

CVE-2020-17759

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...

8.8 CVSS · 0.00442 EPSS
Exploits 0 · References 1
OSV
added 2021/06/24 8:15 p.m. · 1 views

CVE-2020-17759

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...

8.8 CVSS · 7.5 AI score · 0.00442 EPSS
Exploits 0 · References 1
Prion
added 2021/06/24 8:15 p.m. · 10 views

Command injection

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...

6.8 CVSS · 8.7 AI score · 0.00442 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/06/24 7:16 p.m. · 84 views

CVE-2020-17759

CVE-2020-17759 affects the Evernote client for Windows 10, 7, and 2008 via the protocol handler. The vulnerability allows attackers to achieve arbitrary command execution when a user clicks a specially crafted URL. This is the root cause described across multiple connected sources (e.g., NVD entr...

8.8 CVSS · 8.7 AI score · 0.00442 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/06/24 7:16 p.m. · 13 views

CVE-2020-17759

An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...

8.8 AI score · 0.00442 EPSS
Exploits 0 · References 1
CNNVD
added 2021/06/24 12:0 a.m. · 1 views

Evernote Command Injection Vulnerability

Evernote Impression Notes is a suite of note-taking software for the macOS platform from the American company Evernote. The software allows you to create, manage, synchronize, search, and share notes anytime, anywhere. The Evernote client suffers from a command injection vulnerability that stems...

8.8 CVSS · 8.1 AI score · 0.00442 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2021/06/10 12:0 a.m. · 38 views

SUSE SLES11 Security Update : curl (SUSE-SU-2019:14172-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2019:14172-1 advisory. - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482) Note that Nessus has not tested for this issue but has...

9.8 CVSS · 6.5 AI score · 0.09715 EPSS
Exploits 0 · References 4
RedHat Linux
added 2021/03/30 9:49 a.m. · 1 views

curl: heap buffer overflow in function tftp_receive_packet()

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...

9.8 CVSS · 7.4 AI score · 0.09715 EPSS
Exploits 0 · References 5
CNVD
added 2021/03/11 12:0 a.m. · 8 views

Facebook Gameroom Code Execution Vulnerability

Facebook Gameroom is a software of Facebook Inc. It is used for watching videos, playing games, and sharing content. A security vulnerability exists in versions prior to Facebook Gameroom v1.26.0 that stems from the fbgames protocol handler not properly referencing parameters passed to the...

9.8 CVSS · 7.2 AI score · 0.01161 EPSS
Exploits 0 · References 1