8 matches found
CVE-2025-58764 Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution
Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claud...
CVE-2025-6431
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...
CVE-2025-6431
The connected documents confirm CVE-2025-6431 affects Firefox for Android and describes a bypass where the prompt to open a link in an external application could be bypassed, potentially exposing users to security/privacy risks in external apps. The vulnerability is limited to Firefox for Android...
UBUNTU-CVE-2024-8900
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox 129, Firefox ESR 128.3, and Thunderbird 128.3...
CVE-2024-27933
Summary: CVE-2024-27933 affects Deno 1.39.0, where use of raw file descriptors in op_node_ipc_pipe() can prematurely close arbitrary fds, enabling silent permission-prompt bypass and potential arbitrary code execution on the host when an attacker controls code in the Deno runtime. The issue arise...
Mozilla: Bypassing permission prompt in nested browsing contexts
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
CVE-2022-22754
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
CVE-2020-12424
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox 78...