7 matches found
SUSE CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
DEBIAN-CVE-2020-12402
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secr...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2020-18408)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 73. An attacker can exploit the vulnerability to corrupt memory, elevate privileges or possibly execute arbitrary code...
CVE-2019-17001
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document cross-site scripting. This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This...
Unspecified Vulnerability in Mozilla Firefox and Mozilla Firefox ESR
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Firefox versions prior to Firefox 70 and...
Cloud Foundry UAA Information Disclosure Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the CloudFoundry cloud platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry UAA versions prior to 73.3.0 that stems from the endpoint not being properly escaped. An...
Google Chrome Blink Information Disclosure Vulnerability (CNVD-2018-24370)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in Google Chrome versions prior to 70.0.3538.67. The vulnerability can be exploited by ...