Lucene search
K

88 matches found

RedHat Linux
RedHat Linux
added 2017/01/25 9:31 a.m.4 views

Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR 45.7 and Firefox 51...

7.5CVSS7.3AI score0.02269EPSS
Exploits1References5
OSV
OSV
added 2016/11/18 12:0 a.m.1 views

UBUNTU-CVE-2016-9073

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox 50...

7.5CVSS7.2AI score0.01655EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2016/05/19 12:42 a.m.54 views

USN-2936-3: Firefox regression

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferencessync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringald...

8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/04/27 12:0 a.m.33 views

FreeBSD : mozilla -- multiple vulnerabilities (92d44f83-a7bf-41cf-91ee-3d1b8ecf579f)

Mozilla Foundation reports : MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...

10CVSS7.5AI score0.04841EPSS
Exploits0References19
Mozilla
Mozilla
added 2016/04/26 12:0 a.m.44 views

Elevation of privilege with chrome.tabs.update API in web extensions — Mozilla

Security researcher Muneaki Nishimura nishimunea of Recruit Technologies Co., Ltd. reported that the chrome.tabs.update API for web extensions allows for navigation to javascript: URLs without additional permissions. This can used to elevate privilege for a universal cross-site scripting XSS atta...

5.4CVSS6.4AI score0.01252EPSS
Exploits0References2Affected Software1
FreeBSD
FreeBSD
added 2016/04/26 12:0 a.m.40 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...

10CVSS2.1AI score0.04841EPSS
Exploits0References7
CVE
CVE
added 2002/06/11 4:0 a.m.565 views

CVE-2002-0482

PCI Netsupport Manager (before v7) is affected by a directory traversal vulnerability in web extensions that allows an attacker to read arbitrary files via .. in an HTTP GET request. The issue arises from insufficient validation of path input in the web extension context, enabling access to files...

5CVSS7.1AI score0.02144EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2002/03/25 12:0 a.m.43 views

Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions)

It is possible to view and download files on machines running PCI Netsupport Manager all version up to 7 that have the web extensions switched on default port 80. This has only been tested on Windows NT 4 server and workstation and Windows 2000 Pro , Server and Advanced server. Example on a...

1.3AI score
Exploits0
Rows per page
Query Builder