2294 matches found
firefox: DOM push subscription message could hang Firefox
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...
CVE-2024-10466
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...
CVE-2024-10466
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132...
CVE-2024-10466
CVE-2024-10466: A specially crafted push message can hang the parent process, making the browser unresponsive. Affected: Firefox < 132, Firefox ESR < 128.4, Thunderbird
Security Vulnerabilities fixed in Firefox 132 — Mozilla
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...
Security Vulnerabilities fixed in Firefox ESR 128.4 — Mozilla
A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. The origin of an external protocol handler prompt could have been...
CVE-2024-48514
php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month an email that...
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...
CVE-2024-9985 Ragic Enterprise Cloud Database - Arbitrary File Upload
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...
Malicious code in ws-api-typescript-websocket-hooks (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...
Malicious code in ads-api-report-fetcher (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57e20c733e3432bce50d7684946f0b982e3dd599d8a2df2689208afe1237c24d Any computer that has this package installed or running...
Malicious code in ws-api-typescript-infra (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 307f2e541390b49f3169786119b7f694fa2a2da04848f23037e9e101c4cefa85 Any computer that has this package installed or running...
MAL-2024-9261 Malicious code in ws-api-typescript-websocket-hooks (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...
MAL-2024-9260 Malicious code in ws-api-typescript-infra (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 307f2e541390b49f3169786119b7f694fa2a2da04848f23037e9e101c4cefa85 Any computer that has this package installed or running...