6 matches found
MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
MGASA-2023-0034 Updated thunderbird packages fix security vulnerability
libusrsctp library out of date. CVE-2022-46871 Arbitrary file read from GTK drag and drop on Linux. CVE-2023-23598 URL being dragged from cross-origin iframe into same tab triggers navigation. CVE-2023-23601 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...