8 matches found
USN-7193-1 thunderbird vulnerability
Masato Kinugawa discovered that Thunderbird did not properly validate the CSP policy in the Web Compatibility extension. An attacker could potentially exploit this issue to perform a cross-site scripting attack...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
SUSE CVE-2024-11694
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability...