
7817 matches found

RedHat Linux
added 2022/05/04 11:25 a.m., 5 views

Mozilla: Leaking browser history with CSS variables

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could probe the browser history...

6.5 CVSS, 7.3 AI score, 0.00723 EPSS
Exploits 1, References 4

RedHat Linux
added 2022/05/04 11:20 a.m., 1 views

Mozilla: Leaking browser history with CSS variables

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could probe the browser history...

6.5 CVSS, 7.3 AI score, 0.00723 EPSS
Exploits 1, References 4

CNNVD
added 2022/05/04 12:0 a.m., 3 views

libwav security vulnerability

libwav is a simple wav library written in pure C. It can be used to create a wav file that can be used to write a wav file. A security vulnerability exists in libwav version 2017-04-20 and earlier versions, which stems from a use of uninitialized variables vulnerability in the function...

7.5 CVSS, 7.3 AI score, 0.01149 EPSS
Exploits 1, References 3

UbuntuCve
added 2022/05/04 12:0 a.m., 26 views

CVE-2022-29916

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.5 CVSS, 6.9 AI score, 0.00723 EPSS
Exploits 1, References 6

OSV
added 2022/05/04 12:0 a.m., 1 views

UBUNTU-CVE-2022-29916

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.5 CVSS, 6.9 AI score, 0.00723 EPSS
Exploits 1, References 7

Tenable Nessus
added 2022/05/04 12:0 a.m., 38 views

RHEL 8 : firefox (RHSA-2022:1705)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1705 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.8 CVSS, 8 AI score, 0.01005 EPSS
Exploits 3, References 14

RedhatCVE
added 2022/05/03 8:47 p.m., 35 views

CVE-2022-29916

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could probe the browser history...

7.5 CVSS, 1.5 AI score, 0.00723 EPSS
Exploits 1, References 3

CNNVD
added 2022/05/03 12:0 a.m., 2 views

Mozilla Firefox information disclosure vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that stems from the browser behaving differently when loading CSS variables from known resources, which can be exploited by an...

6.5 CVSS, 7.7 AI score, 0.00723 EPSS
Exploits 1, References 20

CNNVD
added 2022/05/03 12:0 a.m., 3 views

GitLab input validation error vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. An input validation error vulnerability exists in Gitlab Community Edition...

6.5 CVSS, 7.1 AI score, 0.01085 EPSS
Exploits 0, References 6

Mozilla
added 2022/05/03 12:0 a.m., 305 views

Security Vulnerabilities fixed in Firefox 100 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

9.8 CVSS, 8.7 AI score, 0.01005 EPSS
Exploits 5, References 9, Affected Software 1

Code423n4
added 2022/05/02 12:0 a.m., 9 views

Reentrancy Bugs in GenericMinerV2

Lines of code Vulnerability details Impact No ETH reentrancy decreaseStake: makes external call releaseRewards and updates the state variables afterwards totalStake, updateBoost increaseStake: makes call to releaseRewards and updates state variables afterwards totalStake, updateBoost Recommended...

6.9 AI score
Exploits 0

Github Security Blog
added 2022/05/01 2:31 a.m., 5 views

TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...

7.5 CVSS, 6.4 AI score, 0.01393 EPSS
Exploits 0, References 6, Affected Software 1

Code423n4
added 2022/04/29 12:0 a.m., 7 views

Variables that should be bounded

Judge @GalloDaSballo has assessed the 8th item in QA Report 263 as Medium risk. The relevant finding follows: … The variable MasterChef.sol:43: uint16 depositFeeBP; // Deposit fee in basis points is never bounded, and UInt16.MaxValue is 65535 --- The text was updated successfully, but these error...

7 AI score
Exploits 0

Code423n4
added 2022/04/19 12:0 a.m., 8 views

missing a check

Lines of code Vulnerability details Impact in citadelMinter.setCitadelDistributionSplit there is a require check that check the sum of the propvalues must be 10000 bps and POLICYOPERATIONSROLE can set 2 of the variable to 0 and 1 to 10000 it is better to make a min value to the variables and chec...

6.8 AI score
Exploits 0

0day.today
added 2022/04/19 12:0 a.m., 261 views

Fuel CMS 1.5.0 - Cross-Site Request Forgery Vulnerability

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce: 1. Login with us...

1.5 AI score
Exploits 0

Exploit DB
added 2022/04/19 12:0 a.m., 252 views

Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Date: 11/03/2022 Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce:...

7.4 AI score
Exploits 0

CVE
added 2022/04/11 7:45 p.m., 91 views

CVE-2022-24829

CVE-2022-24829 affects Garden, an automation platform for Kubernetes development and testing. In versions before 0.12.39, multiple endpoints did not require authentication, with the configuration exposed via the local /api endpoint on a server bound to 0.0.0.0, making it accessible on the network...

9.8 CVSS, 9 AI score, 0.01089 EPSS
Exploits 0, References 2, Affected Software 1

CNVD
added 2022/04/07 12:0 a.m., 15 views

Google Chrome File System API information disclosure vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by the window.showSaveFilePicker function that parses and returns environment variable values to the user when passing environment variables, which can be exploited by an attacker to...

6.5 CVSS, 2.7 AI score, 0.01266 EPSS
Exploits 2, References 1

Github Security Blog
added 2022/04/05 6:31 p.m., 23 views

Insecure default value for CORS configuration

Impact The default value for the CORSENABLED and CORSORIGIN configuration was set to be very permissive by default. This could lead to unauthorized access in uncontrolled environments when the configuration hasn't been changed. Patches The default values for CORS have been changed in...

9.8 CVSS, 9.5 AI score, 0.00927 EPSS
Exploits 0, References 8, Affected Software 1

OSV
added 2022/04/05 6:31 p.m., 15 views

GHSA-G27J-74FP-XFPR Insecure default value for CORS configuration

Impact The default value for the CORSENABLED and CORSORIGIN configuration was set to be very permissive by default. This could lead to unauthorized access in uncontrolled environments when the configuration hasn't been changed. Patches The default values for CORS have been changed in...

9.8 CVSS, 9.5 AI score, 0.00927 EPSS
Exploits 0, References 8