Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2025/07/30 11:23 a.m.3 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

8.1CVSS7.3AI score0.00305EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/11/04 4:59 p.m.1 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

10CVSS7.3AI score0.0383EPSS
Exploits0References4
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

DEBIAN-CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...

9.8CVSS9.2AI score0.03036EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2014/07/03 5:0 p.m.3 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
Rows per page
Query Builder