273 matches found
CVE-2021-43540
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...
CVE-2021-43540
CVE-2021-43540 affects Mozilla Firefox prior to 95. WebExtensions with the correct permissions could create and install ServiceWorkers for third-party sites that would not be uninstalled with the extension. This is described as an access restriction bypass vulnerability in Firefox < 95. The re...
CVE-2021-43540
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...
CVE-2021-43540
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...
UBUNTU-CVE-2021-43540
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...
Mozilla Firefox < 95.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 95.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-52 advisory. - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christia...
SUSE: Security Advisory (SUSE-SU-2017:0426-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
CVE-2018-18497
CVE-2018-18497 : In Firefox, limitations on URIs allowed to WebExtensions via the browser.windows.create API can be bypassed by placing a pipe in the URL field, causing multiple pages to load as a single argument. This may allow a malicious WebExtension to open privileged locations such as about:...
CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3844-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3844-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacke...
USN-3844-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. CVE-2018-12405, CVE-2018-12406, CVE-2018-1240...
USN-3844-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. CVE-2018-12405, CVE-2018-12406, CVE-2018-1240...
UBUNTU-CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
CVE-2018-18497
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...
Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass (CVE-2018-12368)
A policy bypass vulnerability exists in Mozilla Firefox. This vulnerability is due to a design weakness that allows a malicious WebExtension to open a SettingContent-ms file without a user prompt...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox regressions (USN-3801-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3801-2 advisory. USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize...
USN-3801-2: Firefox regressions
USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafte...