47 matches found
Regular Expression without Anchors
Overview Affected versions of this package are vulnerable to Regular Expression without Anchors through the alloworiginpat checks in websocket.py, login.py. An attacker can bypass CORS, WebSocket origin checks, and login redirect validation by supplying an Origin or Referer value that matches the...
EUVD-2022-37432
Malicious code in bioql PyPI...
EUVD-2024-1182
Malicious code in bioql PyPI...
CVE-2025-8036
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
FreeBSD : Mozilla -- XS-leak attack (61be5684-4222-11f0-976e-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 61be5684-4222-11f0-976e-b42e991fc52e advisory. [email protected] reports: Script elements loading cross-origin resources generated load and error...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
RHEL 8 : firefox (RHSA-2025:8308)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8308 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
CVE-2025-5266
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...