4196 matches found
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
Malicious Package
Overview plugin-basic-ssl is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
📄 Malicious Windows Script Host VBScript File
This Metasploit module creates a Windows Script Host WSH VBScript .vbs file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host VBScript .vbs File', 'Description' = %...
FreeBSD : Mozilla -- HTTP Basic Authentication credentials leak (477e9eb3-685e-11f0-a12d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 477e9eb3-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: The username:password part was not correctly stripped from URLs in CSP...
drupwn
This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...
Malicious code in plugin-basic-ssl (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c91f97ac10fa598313b2e03c827655a79a9eb89adf780dbd0df721f49780a8 Any computer that has this package installed or running should be considered...
MAL-2025-6232 Malicious code in plugin-basic-ssl (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c91f97ac10fa598313b2e03c827655a79a9eb89adf780dbd0df721f49780a8 Any computer that has this package installed or running should be considered...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
SUSE CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
DEBIAN-CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
UBUNTU-CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031 Incorrect URL stripping in CSP reports
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
CVE-2025-8031 concerns a vulnerability where the username:password portion is not correctly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials. The CVE’s context across connected documents shows affected software including Firefox and Thunderbird variants...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031 Incorrect URL stripping in CSP reports
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
Mozilla -- HTTP Basic Authentication credentials leak
[email protected] reports: The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials...