537 matches found

Tenable Nessus
added 2018/10/25 12:0 a.m. | 50 views

Mozilla Firefox < 63.0

The version of Firefox installed on the remote Windows host is prior to 63.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-26 advisory. - When manipulating user events in nested loops while opening a document through script, it is possible to trigger a...

CVSS 9.8 | AI score 7.6 | EPSS 0.04967
Exploits 0 | References 15

UbuntuCve
added 2018/10/24 12:0 a.m. | 20 views

CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...

CVSS 4.3 | AI score 6.8 | EPSS 0.00333
Exploits 0 | References 3

OSV
added 2018/10/24 12:0 a.m. | 0 views

UBUNTU-CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...

CVSS 4.3 | AI score 6.7 | EPSS 0.00333
Exploits 0 | References 4

Mozilla
added 2018/10/23 12:0 a.m. | 548 views

Security vulnerabilities fixed in Firefox 63 — Mozilla

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...

CVSS 9.8 | AI score 0.4 | EPSS 0.04967
Exploits 0 | References 16 | Affected Software 1

OSV
added 2018/09/25 2:29 p.m. | 2 views

CVE-2018-6043

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...

CVSS 8.8 | AI score 7.5 | EPSS 0.01484
Exploits 0 | References 6

Prion
added 2018/09/25 2:29 p.m. | 19 views

Input validation

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...

CVSS 6.8 | AI score 8.2 | EPSS 0.01484
Exploits 0 | References 6 | Affected Software 5

OSV
added 2018/09/25 2:29 p.m. | 1 view

UBUNTU-CVE-2018-6043

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...

CVSS 8.8 | AI score 7.5 | EPSS 0.01484
Exploits 0 | References 3

CVE
added 2018/09/25 2:0 p.m. | 139 views

CVE-2018-6043

CVE-2018-6043 affects Google Chrome (Chromium project) via the External Protocol Handler. The root cause is insufficient data validation in the handler, allowing a remote attacker to potentially execute arbitrary code on a user’s machine by presenting a crafted HTML page. Publicly documented impa...

CVSS 8.8 | AI score 6.2 | EPSS 0.01484
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2018/09/25 2:0 p.m. | 16 views

CVE-2018-6043

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...

AI score 6.4 | EPSS 0.01484
Exploits 0 | References 6

Debian CVE
added 2018/09/25 2:0 p.m. | 25 views

CVE-2018-6043

Removed by vendor...

CVSS 8.8 | AI score 9.3 | EPSS 0.01484
Exploits 0

Packet Storm
added 2018/09/19 12:0 a.m. | 65 views

Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution

Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Date: 2018-09-01 Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on:...

AI score 0.1
Exploits 0

0day.today
added 2018/09/18 12:0 a.m. | 63 views

Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit

Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on: Windows, Microsoft...

AI score 0.2
Exploits 0

Citrix
added 2018/07/02 12:0 a.m. | 4 views

Mixed Content: This content should also be served over HTTPS

Is the mixed content warning a security concern? This is by design; the request starting “receiver://” is invoking the protocol handler. It only happens on the local computer instead of crossing the internet. This command invokes the WebHelper.exe installed as part of Receiver to run and report th...

AI score 6.9
Exploits 0

Hacker One
added 2018/07/01 1:22 p.m. | 17 views

Brave Software: Navigation to protocol handler URL from the opened page displayed as a request from this page.

Summary: Navigation to protocol handler URL from the page opened using window.open is considered as a request from the opened page. Example: 1. The page opens google.com 2. The page changes opened window's location to ssh://evil.com 3. Request to open ssh://evil.com URL displayed at google.com...

AI score 0.3
Exploits 0

OpenVAS
added 2018/05/09 12:0 a.m. | 105 views

Microsoft Windows Multiple Vulnerabilities (KB4103716)

This host is missing a critical security update according to Microsoft KB4103716. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 7.3 | EPSS 0.94283
Exploits 58 | References 3

Github Security Blog
added 2018/03/26 4:41 p.m. | 90 views

Electron protocol handler browser vulnerable to Command Injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVSS 9.3 | AI score 5.5 | EPSS 0.05222
Exploits 30 | References 4 | Affected Software 1

OSV
added 2018/03/26 4:41 p.m. | 27 views

GHSA-FJQR-FX3F-G4RV Electron protocol handler browser vulnerable to Command Injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVSS 8.8 | AI score 8.9 | EPSS 0.05222
Exploits 30 | References 4

CNVD
added 2018/03/09 12:0 a.m. | 2 views

Github Electron Protocol Handler Command Injection Vulnerability

GitHub Electron is a GitHub application development framework. The framework supports the use of JavaScript, HTML and CSS to write cross-platform desktop applications. Protocol Handler is one of the protocol handlers. A command injection vulnerability exists in Protocol Handler in Github Electr...

CVSS 9.3 | AI score 7.8 | EPSS 0.05222
Exploits 30 | References 1

Veracode
added 2018/03/08 9:54 a.m. | 23 views

Remote Code Execution (RCE)

Electron is vulnerable to remote code execution (RCE) attacks. A malicious user can pass an Electron Protocol Handler to the application that, when clicked on, executes arbitrary code. This vulnerability is due to an incomplete fix in CVE-2018-1000006...

CVSS 8.8 | AI score 9 | EPSS 0.92322
Exploits 31 | References 4 | Affected Software 1

Prion
added 2018/03/07 2:29 p.m. | 25 views

Command injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVSS 9.3 | AI score 9 | EPSS 0.92322
Exploits 31 | References 2 | Affected Software 1