10 matches found
SUSE CVE-2019-11737
If a wildcard '' is specified for the host in Content Security Policy CSP directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox 69...
SUSE CVE-2019-11748
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the...
Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2020-14254)
Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application...
Mozilla Firefox Resource Management Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A resource management error vulnerability exists in Mozilla Firefox versions prior to 69, which can be exploited by attackers to execute arbitrary code or cause a denial of service...
UBUNTU-CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
UBUNTU-CVE-2019-11734
Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 69...
Google Chrome Script Injection Vulnerability (CNVD-2019-21125)
Google Chrome is a web browser from Google, an American company. A script injection vulnerability exists in Google Chromium versions prior to 69.0.3497.81. An attacker can exploit this vulnerability to execute malicious scripts in a user's browser...
CVE-2018-16078
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Google Chrome Blink Buffer Overflow Vulnerability (CNVD-2019-03614)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A buffer overflow vulnerability exists in Blink in versions of Google Chrome prior to 69.0.3497.81. The vulnerability can be...
Google Chrome URL Spoofing Vulnerability (CNVD-2018-22398)
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the full-screen mode in Google Chrome versions prior to 69.0.3497.81. A remote attacker can exploit the vulnerability to forge URLs...