29 matches found
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Updated thunderbird packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
MGASA-2022-0347 Updated thunderbird packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
MGASA-2022-0344 Updated firefox packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
CVE-2022-40956
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla Firefox 跨站脚本漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 105, which stems from the fact that when injecting HTML base elements, some requests ignore the CSP's base-uri setting and accept the...
Mozilla Firefox ESR < 102.3
The version of Firefox ESR installed on the remote Windows host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-41 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...
Security Vulnerabilities fixed in Firefox ESR 102.3 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...
Security Vulnerabilities fixed in Firefox 105 — Mozilla
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...