Astra Linux - уязвимость в firefox

A malicious extension with the “search” permission could have installed a new search engine, and the favicon of this engine referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing it to bypass the same-origin policy—even though the...

Mozilla Firefox < 2.0.0.12

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href...

PT-2025-34373 · Shopizer · Shopizer

Name of the Vulnerable Software and Affected Versions: Shopizer version 3.2.7 Description: The server’s Cross-Origin Resource Sharing CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling...

Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users

Google has by default enabled a security feature called "Site Isolation" in its web browser with the release of Chrome 67 for all desktop users to help them protect against many online threats, including Spectre and Meltdown attack. Site Isolation is a feature of the Google Chrome web browser tha...

USN-2833-1 firefox vulnerabilities

Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...