88 matches found
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
UBUNTU-CVE-2025-1936
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
CVE-2025-1936 Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to deficiencies in access control. These flaws allow attackers to bypass security restrictions and compromise the confidentiality and integrity of protected information.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and affect the confidentiality and integrity of protected information by creatin...
mozilla: Missing permission check when creating a StreamFilter
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...
mozilla: Missing permission check when creating a StreamFilter
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...
mozilla: Missing permission check when creating a StreamFilter
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...
Forgejo Security Breach
Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker could exploit this vulnerability to test the existence of a private user account by appending .rss or other extensions to a URL...
Mozilla: WebExtensions could open arbitrary URLs
The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data...
Mozilla: WebExtensions could open arbitrary URLs
The Mozilla Foundation Security Advisory describes this flaw as: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data...
USN-6456-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-5722, CVE-2023-5724,...
ALSA-2023:6191 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fixes: Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and...
SUSE CVE-2016-9075
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox 50...
SUSE CVE-2018-5132
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox 59...
SUSE: Security Advisory (SUSE-SU-2022:4284-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-32868
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...
CVE-2022-32868
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...
CVE-2022-32868
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...