EUVD-2016-9891

Malware in sbrugna...

Remote Code Execution (RCE)

@nestjs/devtools-integration is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sandboxing and missing cross-origin protections due to unsafe execution of attacker-controlled input in a JavaScript sandbox via the /inspector/graph/interact endpoint...

SUSE CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0180)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed...

Mozilla Thunderbird < 68.0

The version of Thunderbird installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-28 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code...

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0171)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence...

Mozilla: Script injection within domain through inner window reuse

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...

Mozilla Thunderbird < 60.8

The version of Thunderbird installed on the remote Windows host is prior to 60.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-23 advisory. - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use,...

Mozilla: Script injection within domain through inner window reuse

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...

Mozilla: Script injection within domain through inner window reuse

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...

CVE-2019-11711

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...

Mozilla Firefox ESR < 60.8

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-22 advisory. - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in...

Mozilla Firefox < 68.0

The version of Firefox installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such ...

Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...

Security vulnerabilities fixed in Firefox 68 — Mozilla

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...

CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

CVE-2018-0278

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

Mozilla Firefox is vulnerable (CNVD-2016-11466)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability. A maliciously crafted page that allows an attacker to load into the sidebar via a bookmarklet can reference a privileged chrome window and engage i...

UBUNTU-CVE-2016-9070

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox 50...

Google Chrome Frame < 4.0.245.1

The version of Google Chrome Frame installed on the remote host is earlier than 4.0.245.1. Such versions are affected by a vulnerability that may allow an attacker to bypass cross-origin protections. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...