Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added 2022/09/26 2:7 p.m.6 views

Mozilla: Content-Security-Policy base-uri bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

6.1CVSS7.3AI score0.00877EPSS
Exploits0References5
Mageia
Mageia
added 2022/09/26 6:22 a.m.56 views

Updated thunderbird packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS1.6AI score0.01342EPSS
Exploits0References3
OSV
OSV
added 2022/09/26 6:22 a.m.5 views

MGASA-2022-0347 Updated thunderbird packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS8AI score0.01342EPSS
Exploits0References4
OSV
OSV
added 2022/09/21 6:15 p.m.7 views

MGASA-2022-0344 Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

8.8CVSS8.1AI score0.01342EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/09/21 2:19 p.m.37 views

CVE-2022-40956

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...

6.1CVSS0.8AI score0.00877EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.2 views

Mozilla Firefox 跨站脚本漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 105, which stems from the fact that when injecting HTML base elements, some requests ignore the CSP's base-uri setting and accept the...

6.1CVSS7.7AI score0.00877EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2022/09/20 12:0 a.m.52 views

Mozilla Firefox ESR < 102.3

The version of Firefox ESR installed on the remote Windows host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-41 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...

8.8CVSS8.2AI score0.01342EPSS
Exploits0References8
Mozilla
Mozilla
added 2022/09/20 12:0 a.m.94 views

Security Vulnerabilities fixed in Firefox ESR 102.3 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...

8.8CVSS1.7AI score0.01342EPSS
Exploits0References7Affected Software1
Mozilla
Mozilla
added 2022/09/20 12:0 a.m.313 views

Security Vulnerabilities fixed in Firefox 105 — Mozilla

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. Concurrent use of t...

6.5CVSS1.8AI score0.01284EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder