Lucene search
K

314 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:7 a.m.5 views

SUSE CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

8.8CVSS6.6AI score0.01503EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.5 views

SUSE CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

8.8CVSS9AI score0.01465EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.5 views

SUSE CVE-2016-5287

A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox 49.0.2...

9.8CVSS6.5AI score0.02425EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.3 views

SUSE CVE-2018-5141

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...

8.2CVSS8.3AI score0.01605EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.4 views

SUSE CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS8.6AI score0.02139EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.3 views

SUSE CVE-2018-12358

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox 61...

5.3CVSS8.2AI score0.01274EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.3 views

SUSE CVE-2019-5823

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

5.4CVSS5.9AI score0.01089EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.3 views

SUSE CVE-2019-13716

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS7.8AI score0.00926EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.3 views

SUSE CVE-2021-38010

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

6.5CVSS6.6AI score0.00911EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.3 views

SUSE CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

4.3CVSS6.2AI score0.00409EPSS
Exploits0References5
OSV
OSV
added 2022/12/22 8:15 p.m.1 views

CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

4.3CVSS7.3AI score0.00409EPSS
Exploits0References2
NVD
NVD
added 2022/12/22 8:15 p.m.22 views

CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

4.3CVSS0.00409EPSS
Exploits0References2
OSV
OSV
added 2022/12/22 8:15 p.m.8 views

CVE-2022-45403

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

6.5CVSS8.6AI score0.00696EPSS
Exploits0References4
NVD
NVD
added 2022/12/22 8:15 p.m.18 views

CVE-2022-45403

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

6.5CVSS0.00696EPSS
Exploits0References4
Prion
Prion
added 2022/12/22 8:15 p.m.16 views

Code injection

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

4.3CVSS5.6AI score0.00409EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/12/22 8:15 p.m.17 views

Design/Logic Flaw

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

4.3CVSS6.7AI score0.00696EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.29 views

CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

6.1AI score0.00409EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.6 views

CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private...

6.4AI score0.00409EPSS
Exploits0References2
CVE
CVE
added 2022/12/22 12:0 a.m.133 views

CVE-2022-45417

The CVE-2022-45417 entry corresponds to Mozilla Firefox prior to version 107, where Service Workers failed to detect Private Browsing Mode in all cases. This could cause Service Workers to be written to disk for sites visited in Private Browsing Mode, potentially leaking Private Browsing details ...

4.3CVSS5.6AI score0.00409EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.256 views

CVE-2022-45403

CVE-2022-45403 describes a vulnerability where Service Workers could infer the size of cross-origin media by correlating timing information with Range requests, potentially exposing presence/length of a media file. Affected: Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7AI score0.00696EPSS
Exploits0References4Affected Software3
Rows per page
Query Builder