Mozilla: Screen hijack via browser fullscreen mode

The Mozilla Foundation Security Advisory describes this flaw as: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks...

Mozilla: Screen hijack via browser fullscreen mode

The Mozilla Foundation Security Advisory describes this flaw as: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks...

Mozilla: Screen hijack via browser fullscreen mode

The Mozilla Foundation Security Advisory describes this flaw as: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks...

Mozilla: Screen hijack via browser fullscreen mode

The Mozilla Foundation Security Advisory describes this flaw as: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks...

Mozilla: Screen hijack via browser fullscreen mode

The Mozilla Foundation Security Advisory describes this flaw as: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks...

SUSE CVE-2005-1153

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...

SUSE CVE-2006-1931

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service blocked connections via a large amount of data...

SUSE CVE-2008-1218

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skippasswordcheck field t...

SUSE CVE-2009-3826

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to 1 the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and 2 a redirect URL that contains information about the originally...

SUSE CVE-2010-0436

Race condition in backend/ctrl.c in KDM in KDE Software Compilation SC 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper...

SUSE CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

SUSE CVE-2011-0872

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO...

SUSE CVE-2013-0281

Pacemaker 1.1.10, when remote Cluster Information Base CIB configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service connection blocking...

SUSE CVE-2013-6657

core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information vi...

SUSE CVE-2013-7176

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

SUSE CVE-2015-0290

The multi-block feature in the ssl3writebytes function in s3pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service pointer corruption and application crash...

SUSE CVE-2015-5276

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

SUSE CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

SUSE CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

SUSE CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...