Lucene search
K

88 matches found

RedHat Linux
RedHat Linux
added 2025/03/10 5:28 a.m.7 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/06 11:54 a.m.9 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/05 11:27 a.m.3 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References7
OSV
OSV
added 2025/03/04 2:15 p.m.5 views

UBUNTU-CVE-2025-1936

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...

7.3CVSS6.7AI score0.00413EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/03/04 1:31 p.m.8 views

CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...

6.8AI score0.00413EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.5 views

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to deficiencies in access control. These flaws allow attackers to bypass security restrictions and compromise the confidentiality and integrity of protected information.

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and affect the confidentiality and integrity of protected information by creatin...

9.4CVSS7AI score0.00564EPSS
Exploits0References19Affected Software8
RedHat Linux
RedHat Linux
added 2024/08/14 3:5 p.m.4 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:56 p.m.4 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/13 4:51 p.m.5 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/12/03 12:0 a.m.6 views

Forgejo Security Breach

Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker could exploit this vulnerability to test the existence of a private user account by appending .rss or other extensions to a URL...

5.3CVSS6.6AI score0.0081EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/10/30 5:46 p.m.5 views

Mozilla: WebExtensions could open arbitrary URLs

The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data...

4.3CVSS7.2AI score0.00906EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/10/30 5:42 p.m.4 views

Mozilla: WebExtensions could open arbitrary URLs

The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data...

4.3CVSS7.2AI score0.00906EPSS
Exploits0References6
OSV
OSV
added 2023/10/30 3:32 a.m.4 views

USN-6456-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-5722, CVE-2023-5724,...

9.8CVSS6.5AI score0.01585EPSS
Exploits0References10
OSV
OSV
added 2023/10/30 12:0 a.m.18 views

ALSA-2023:6191 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and...

9.8CVSS9.1AI score0.01936EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-9075

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox 50...

9.8CVSS6.3AI score0.02158EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.8 views

SUSE CVE-2018-5132

The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...

6.5CVSS8.4AI score0.01489EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/11/30 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2022:4284-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.3AI score0.0141EPSS
Exploits0References8
NVD
NVD
added 2022/09/20 9:15 p.m.23 views

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...

4.3CVSS0.00848EPSS
Exploits0References6
OSV
OSV
added 2022/09/20 9:15 p.m.4 views

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...

4.3CVSS5.2AI score0.00848EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/09/20 9:15 p.m.2 views

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...

4.3CVSS5.7AI score0.00848EPSS
Exploits0References7
Rows per page
Query Builder