167 matches found
Mozilla Thunderbird < 102.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-36 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.1 and Thunderbir...
Mozilla Firefox ESR < 91.13
The version of Firefox ESR installed on the remote Windows host is prior to 91.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-35 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefo...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-235-03)
The version of mozilla-thunderbird installed on the remote host is prior to 102.2.0 / 91.13.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-235-03 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with...
Mozilla Firefox < 104.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 104.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-33 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and...
Mozilla Firefox ESR < 102.2
The version of Firefox ESR installed on the remote Windows host is prior to 102.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-34 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefo...
Mozilla Firefox < 104.0
The version of Firefox installed on the remote Windows host is prior to 104.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-33 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ES...
Mozilla Thunderbird < 91.13
The version of Thunderbird installed on the remote Windows host is prior to 91.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-37 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.1 and Thunderbird 91.12...
Mozilla Firefox ESR < 91.13
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-35 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1,...
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
DEBIAN-CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
UBUNTU-CVE-2021-30744
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
UBUNTU-CVE-2020-26962
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...
Apple macOS Catalina Access Control Error Vulnerability
Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in versions of macOS Catalina prior to 10.15.1, which stems from a cross-origin issue with the iframe element, whereby a malicious HTML document may render an iframe...
CVE-2019-8754
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user...
NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)
The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting a...
DEBIAN-CVE-2018-4319
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...
Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe (CVE-2017-2371)
The second argument of window.open is a name for the new window. If there's a frame that has same name, it will try to load the URL in that. If not, it just tries to create a new window and pop-up. But without the user's click event, its attempt will fail. Here's some snippets. RefPtr...
HackerOne: Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
Hi, I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the Cross-Origin-iframe being used by Marketo. This results in eavesdropping of the data being sent in the...