OpenAI Atlas 安全漏洞

OpenAI Atlas is an AI browser developed by OpenAI in the United States, which integrates artificial intelligence assistants into the browsing experience. Versions of OpenAI Atlas prior to 1.2025.288.15 contained a security vulnerability. This vulnerability stemmed from exposing privileged browser...

(Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability

This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2026-22341

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

Mozilla: Address bar spoofing via XSLT error handling

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data...

CVE-2008-1240

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195...

Design/Logic Flaw

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195...

CVE-2008-1240

Technical details for CVE-2008-1240 are not present in the connected documents. The initial description notes a jar URI content-origin parsing issue in LiveConnect affecting Firefox/SeaMonkey, but there are no accompanying technical specifics (affected product versions, root cause, or fixes) in t...

Java socket connection to any local port via LiveConnect — Mozilla

Security researcher Gregory Fleischer demonstrated that web content fetched via the jar: protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the user's machine "localhost". The issue is caused by improper parsing of the content origin passed from the browser to...