Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.4.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while...

RLSA-2021:5013 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.4.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while...

CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

RHEL 7 : firefox (RHSA-2021:5014)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5014 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Mozilla Firefox < 95.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 95.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-52 advisory. - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christia...

Security Vulnerabilities fixed in Firefox ESR 91.4.0 — Mozilla

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. By misusing a race in our...

Mozilla Firefox ESR 信息泄露漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an information disclosure vulnerability that stems from the use of XMLHttpRequest, which can be exploited by attackers to identify installed applications by probing error message...

Mozilla Firefox Security Advisory (MFSA2012-02) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Mozilla Firefox Security Advisory (MFSA2013-73) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Mozilla Firefox Security Advisory (MFSA2012-97) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Mozilla Firefox Security Advisory (MFSA2015-92) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Mozilla Firefox Security Advisory (MFSA2016-73) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Engineers Online Portal 1.0 - (multiple) Authentication Bypass Vulnerability

Exploit Title: Engineers Online Portal 1.0 - 'multiple' Authentication Bypass Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...

Company&#039;s Recruitment Management System 1.0 - &#039;description&#039; Stored Cross-Site Scripting (XSS)

Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation

Exploit Title: Dolibarr ERP & CRM v14.0.2 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 9, 2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0.2 Exploit...

Student Quarterly Grading System 1.0 - SQL Injection Authentication Bypass Vulnerability

Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass Exploit Author: Blackhan Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...

Scroll Baner <= 1.0 - CSRF to RCE

The plugin does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE via a file upload as well as XSS function submitRequest var xhr = new...

Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-29469 DESCRIPTION: Node Redis redis module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service flaw in...