380 matches found
Linux Distros Unpatched Vulnerability : CVE-2011-1190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-15652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content...
Linux Distros Unpatched Vulnerability : CVE-2024-4769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses...
TencentOS Server 4: thunderbird (TSSA-2024:0469)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0469 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 2: firefox (TSSA-2024:0250)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0250 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CVE-2011-2622
Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service application crash via unknown vectors...
CentOS 7 : thunderbird (RHSA-2024:2913)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2913 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...
OESA-2024-1786 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to crea...
Amazon Linux 2 : thunderbird (ALAS-2024-2561)
The version of thunderbird installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2561 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the...
Amazon Linux 2 : firefox (ALASFIREFOX-2024-025)
The version of firefox installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-025 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
AlmaLinux 9 : thunderbird (ALSA-2024:2888)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:2888 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affec...
Information Exposure
Firefox is vulnerable to Information Exposure. The vulnerability is due to error messages generated during importing resources using Web Workers, distinguish the difference between application/javascript responses and non-script responses. This can be abused to learn information cross-origin...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...