18 matches found
Design/Logic Flaw
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Thunderbird 102.7, and Firefox ESR 102.7...
CVE-2023-23603
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-23603 Calls to console.log allowed bypassing Content Security Policy via format directive
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-32313
A flaw was found in vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. Mitigation: After creating a vm, make the inspect method readonly with...
CVE-2023-32313
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
Command injection
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
CVE-2023-32313 Inspect method manipulation in vm2
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
Mageia: Security Advisory (MGASA-2023-0018)
The remote host is missing an update for the...
Debian dla-3324 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3324 advisory. Debian LTS Advisory DLA-3324-1...
Updated thunderbird packages fix security vulnerability
libusrsctp library out of date (CVE-2022-46871). Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598). URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601). Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2023-23603
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mozilla Firefox ESR < 102.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...
CVE-2014-7939
CVE-2014-7939 affects Google Chrome before 40.0.2214.91, where the Harmony proxy in V8 can bypass the Same Origin Policy via crafted JavaScript using Proxy.create and console.log, related to HTTP responses missing X-Content-Type-Options: nosniff. Affected component is Chrome’s V8/Chromium stack; ...
CVE-2007-1947
Affected software: Firebug extension for Mozilla Firefox (DOM templates used by console.log, domplates). Vulnerability: Cross-zone scripting via overwriting toString in anonymous functions within domplates, enabling bypass of zone restrictions and potential read of file:// URIs or code execution ...
Quicksilver Social Bookmark information leak
User login and password are logged to Console.log file...
[Full-disclosure] Quicksilver Social Bookmark plugin v.8F: password in clear text
Quicksilver http://quicksilver.blacktree.com/ is a tool to quickly find/launch/do anything you like with all kind of files, bookmarks etcpp on MacOSX =10.3 There exists a plug-in "Social Bookmarks" to integrate and search del.icio.us bookmarks. In version 8F this plugin logs the username and...