25 matches found
Astra Linux - vulnerability in Firefox
When Firefox is configured to block the storage of all cookies, it is still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could allow malicious websites to store tracking data without permission. This vulnerability affects Firefox versions earlier...
CVE-2025-15032 CVE-2025-15032: Increased Spoofing risk; custom new window missing about:blank
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...
EUVD-2016-2752
Malware in sbrugna...
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in versions prior to Mozilla Firefox 110, which can be exploited by attackers to cause unexpected network requests from the operating system.
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...
SUSE CVE-2010-3771
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a...
SUSE CVE-2013-6657
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information vi...
CVE-2020-15664
The CVE-2020-15664 issue arises from a malicious page holding a reference to eval() from an about:blank window, allowing access to InstallTrigger and prompting users to install an extension. Affected products include Firefox < 80, Thunderbird < 78.2/68.12, Firefox ESR < 68.12/78.2, and F...
Mozilla: Attacker-induced prompt for extension installation
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
CVE-2016-4075
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL...
Design/Logic Flaw
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL...
CVE-2017-0002
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."...
Microsoft Edge UXSS - the adventure of the endless world - vulnerability warning - the black bar safety net
Today we will look at some design problems in Microsoft Edge; when these issues are combined, they form a universal cross-site scripting (UXSS) attack. If you want to figure out this vulnerability, but you're just not a security researcher, you can try so...
CVE-2016-1657
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL...
Design/Logic Flaw
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL...
Opera Browser 'SRC' Denial of Service Vulnerability - Mac OS X
Opera browser is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2010-3771
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a...
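Google Chrome 'About:blank' address bar URI spoofing vulnerability
Bugraq ID: 35839 CNCAN ID: CNCAN-2009072908 Google Chrome is a popular web browser. Google Chrome has a URL spoofing issue that remote attackers can exploit to make the targeted user blindly trust a page and leak sensitive information. When "window.open" is called with a domain containing special characters such as "%20", an arbitrary URL can be displayed in the address bar of the child window, leading the user to trust it blindly and possibly leak sensitive information. Google Chrome 2.0.172 37 Google Chrome 2.0.172 33 Google Chrome 2.0.172 31 Google Chrome 2.0.172 30...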
Ubuntu: Security Advisory (USN-493-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...