Lucene search
K

380 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.1 views

SUSE CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5CVSS9.5AI score0.0115EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.4 views

SUSE CVE-2015-7197

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...

5CVSS6.8AI score0.02535EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.6 views

SUSE CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

5CVSS6.3AI score0.02529EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

8.1CVSS8.4AI score0.01263EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.1 views

SUSE CVE-2022-3887

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS8.9AI score0.00635EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.6 views

SUSE CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

6.5CVSS8.4AI score0.00759EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2023/01/26 5:18 p.m.4 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:32 p.m.9 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:29 p.m.7 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:20 p.m.3 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 10:5 a.m.5 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 10:3 a.m.4 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 9:30 a.m.4 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

6.5CVSS7.2AI score0.00601EPSS
Exploits0References6
CNVD
CNVD
added 2023/01/04 12:0 a.m.22 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2023-59031)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox that originates from a sensitive feature in the display error message in a cross-origin response when the product imports resources usi...

6.5CVSS6.1AI score0.00759EPSS
Exploits0References1
OSV
OSV
added 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

6.5CVSS6.4AI score0.00759EPSS
Exploits0References1
OSV
OSV
added 2022/12/22 8:15 p.m.10 views

CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

6.5CVSS8.6AI score
Exploits0References5
NVD
NVD
added 2022/12/22 8:15 p.m.14 views

CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

6.5CVSS0.00759EPSS
Exploits0References5
Prion
Prion
added 2022/12/22 8:15 p.m.15 views

Cross site scripting

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

4.3CVSS6.6AI score0.00759EPSS
Exploits0References5Affected Software3
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.24 views

CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

7.2AI score0.00759EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.31 views

CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

6.5CVSS7.6AI score0.00759EPSS
Exploits0
Rows per page
Query Builder