88 matches found
CVE-2022-32868
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...
CVE-2022-32868
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions...
PT-2022-21539 · Apple · Ios +3
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16 iOS versions prior to 16 iOS versions prior to 15.7 iPadOS versions prior to 15.7 Description: A logic issue was addressed with improved state management, which could allow a website to track users through Safari w...
Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
The Mozilla Foundation Security Advisory describes this flaw as: Web-accessible extension pages pages with a moz-extension:// scheme were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
UBUNTU-CVE-2021-43531
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
Mozilla Firefox Security Advisory (MFSA2016-46) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
KLA12335 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attack. Below is a complete...
PT-2021-7411 · Mozilla +2 · Firefox +2
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 94 Description: The issue is related to a same-origin-violation in the context of Web Extensions, where a Web Extension could access the post-redirect URL of an element clicked, potentially leaking data it should not...
USN-4443-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary...
Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-4299-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4299-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...
USN-4299-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy CSP...
SUSE-SU-2019:0338-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 60.5 fixes the following issues: Security vulnerabilities addressed MSFA 2019-03 MSFA 2018-31 bsc1122983 bsc1119105: CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2016-5824 Do...
CVE-2018-12369
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR 60.1 and Firefox 61...
Mozilla Firefox < 59 Multiple Vulnerabilities
Binary data 700328.prm...
UBUNTU-CVE-2018-5166
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...
SUSE-SU-2017:0426-1 Security update for MozillaFirefox
MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues bsc1021991: MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects bsc1021818 MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder bsc1021821 MFSA 2017-02/CVE-2017-5386: WebExtensions can use...