Lucene search
K

103 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

If a document creates a sandboxed iframe without allow-scripts, and then appends an element to the iframe’s document that has a JavaScript event handler—the event handler will still be executed despite the iframe being in a sandbox. This vulnerability affects Firefox versions earlier than 97,...

9.6CVSS6.7AI score0.00743EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Firefox

Using a redirect embedded in sourceMappingUrls may allow navigation to external protocol links within sandboxed iframes, without the requirement of allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.1CVSS6.6AI score0.00315EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

4.6CVSS5.8AI score0.00139EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/17 3:30 p.m.8 views

Next.js: null origin can bypass Server Actions CSRF checks

Summary origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass origin verification instead of being validated as cross-origin requests. Impact An attacker could induce a victim browser ...

5.3CVSS5.8AI score0.002EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 12:36 a.m.14 views

CVE-2025-65203

KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...

7.1CVSS6.8AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 12:0 a.m.27 views

CVE-2025-65203

KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...

0.00113EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51850

Name of the Vulnerable Software and Affected Versions KeePassXC-Browser versions through 1.9.9.2 Description The software autofills or prompts users to fill stored credentials into documents rendered under a browser-enforced Content Security Policy CSP directive and iframe attribute sandbox. This...

7.1CVSS6.5AI score0.00113EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/10/16 11:38 p.m.4 views

SUSE CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2023-33082

Malicious code in bioql PyPI...

6.1CVSS7.8AI score0.00315EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/21 9:23 p.m.5 views

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

9.8CVSS5.8AI score0.00449EPSS
Exploits0References1
OSV
OSV
added 2025/08/19 9:15 p.m.2 views

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability affects Firefox 141...

9.8CVSS5.8AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2025/08/19 9:15 p.m.7 views

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

9.8CVSS0.00449EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.3 views

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...

9.8CVSS6.7AI score0.00449EPSS
Exploits0References2
OSV
OSV
added 2025/08/19 9:15 p.m.4 views

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...

9.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2025/08/19 8:52 p.m.22 views

CVE-2025-54143

CVE-2025-54143 is tied to Firefox for iOS prior to version 141. The issue arises from sandboxed iframes on web pages that could bypass the parent page’s sandbox restrictions, potentially allowing downloads to the device. Affected product: Firefox for iOS

9.8CVSS5.8AI score0.00449EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/08/19 8:52 p.m.9 views

CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

0.00449EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 8:52 p.m.4 views

CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

5.8AI score0.00449EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-54143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This...

9.8CVSS5.4AI score0.00449EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-26384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, wou...

9.6CVSS7.6AI score0.00931EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.5 views

PT-2025-31712 · Mozilla +1 · Firefox For Ios +9

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 141 Description: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. Recommendations: Update Firefox for iOS...

9.8CVSS6.2AI score0.00449EPSS
Exploits0References8
Rows per page
Query Builder