73 matches found
CVE-2021-29944
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affec...
HTML Injection
Firefox is vulnerable to HTML injection. Lack of escaping allows an attacker to inject and execute arbitrary HTML in a user's browser when a webpage was viewed in Reader View. While a secure Content Security Policy prevents direct code execution, HTML injection is still possible...
Mozilla Firefox < 88.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 88.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-16 advisory. - Mozilla developers and community members Ryan VanderMeulen, Sean Feng, Tyson Smith, Julian Seward, Christian...
Brave Software: HTML injection in title of reader view
HTML injection was possible in the title of the reader view in Brave iOS version 1.20 and current Nightly. This allowed any page to inject malicious HTML code in the reader-mode page through html code you want to inject. This vulnerability could be exploited to steal user's sensitive information...
Vulnerability in the Firefox browser’s Reader View function that allows an attacker to execute arbitrary code
The vulnerability in the Firefox browser’s Reader View function is related to errors in processing cookies with the SameSite attribute. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
CVE-2018-12370
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...
Cross site request forgery (csrf)
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...
CVE-2018-12370
CVE-2018-12370 : In Firefox Reader View, SameSite cookie protections are not checked on exit, allowing a payload to trigger when Reader View is left if loaded from a malicious site while Reader mode is active, bypassing CSRF protections. Affected products are Firefox versions earlier than 61.0. C...
Vulnerability in Mozilla Firefox’s Reader View that allows an attacker to gain unauthorized access to protected information
The vulnerability in the Reader View mode of the Mozilla Firefox browser is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information remotely...
UBUNTU-CVE-2018-12370
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...
Security vulnerabilities fixed in Firefox 61 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
CVE-2018-5119
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox 58...
Design/Logic Flaw
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox 58...
CVE-2018-5119
The CVE-2018-5119 issue affects Mozilla Firefox versions earlier than 58. In Reader View, cross-origin content could be displayed when CORS headers prohibit loading cross-origin content, potentially allowing access to restricted content. Mitigation: upgrade to Firefox 58 or newer where this is fi...