Lucene search
K

167 matches found

Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.34 views

Mozilla Thunderbird < 102.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-36 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.1 and Thunderbir...

8.8CVSS8.1AI score0.00905EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.52 views

Mozilla Firefox ESR < 91.13

The version of Firefox ESR installed on the remote Windows host is prior to 91.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-35 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefo...

8.8CVSS8.1AI score0.00905EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.29 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-235-03)

The version of mozilla-thunderbird installed on the remote host is prior to 102.2.0 / 91.13.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-235-03 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with...

8.8CVSS8.1AI score0.00905EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.40 views

Mozilla Firefox < 104.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 104.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-33 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and...

8.8CVSS7.8AI score0.00905EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.29 views

Mozilla Firefox ESR < 102.2

The version of Firefox ESR installed on the remote Windows host is prior to 102.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-34 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefo...

8.8CVSS8.1AI score0.00905EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.82 views

Mozilla Firefox < 104.0

The version of Firefox installed on the remote Windows host is prior to 104.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-33 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ES...

8.8CVSS7.8AI score0.00905EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.35 views

Mozilla Thunderbird < 91.13

The version of Thunderbird installed on the remote Windows host is prior to 91.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-37 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.1 and Thunderbird 91.12...

8.8CVSS8.1AI score0.00905EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.41 views

Mozilla Firefox ESR < 91.13

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-35 advisory. - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1,...

8.8CVSS8.1AI score0.00905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/09 6:30 p.m.12 views

webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1CVSS6.2AI score0.01068EPSS
Exploits0References5
NVD
NVD
added 2021/09/08 2:15 p.m.24 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1CVSS0.01068EPSS
Exploits0References5
OSV
OSV
added 2021/09/08 2:15 p.m.3 views

DEBIAN-CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1CVSS5.8AI score0.01068EPSS
Exploits0References1
OSV
OSV
added 2021/07/27 12:0 a.m.4 views

UBUNTU-CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1CVSS5.8AI score0.01068EPSS
Exploits0References3
OSV
OSV
added 2020/11/17 12:0 a.m.6 views

UBUNTU-CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1CVSS6.7AI score0.0069EPSS
Exploits0References5
CNVD
CNVD
added 2020/11/05 12:0 a.m.2 views

Apple macOS Catalina Access Control Error Vulnerability

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in versions of macOS Catalina prior to 10.15.1, which stems from a cross-origin issue with the iframe element, whereby a malicious HTML document may render an iframe...

6.5CVSS5.8AI score0.00439EPSS
Exploits0References1
OSV
OSV
added 2020/10/27 8:15 p.m.3 views

CVE-2019-8754

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user...

6.5CVSS6.6AI score0.00439EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.32 views

NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting a...

10CVSS7.7AI score0.07439EPSS
Exploits1References5
OSV
OSV
added 2019/04/03 6:29 p.m.1 views

DEBIAN-CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

8.1CVSS8.3AI score0.01075EPSS
Exploits0References1
NVD
NVD
added 2018/06/11 9:29 p.m.17 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

6.5CVSS7.1AI score0.02485EPSS
Exploits0References13
seebug.org
seebug.org
added 2017/02/23 12:0 a.m.47 views

Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe (CVE-2017-2371)

The second argument of window.open is a name for the new window. If there's a frame that has same name, it will try to load the URL in that. If not, it just tries to create a new window and pop-up. But without the user's click event, its attempt will fail. Here's some snippets. RefPtr...

4.3CVSS7.6AI score0.05719EPSS
Exploits2
Hacker One
Hacker One
added 2017/02/17 4:18 a.m.124 views

HackerOne: Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP

Hi, I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the Cross-Origin-iframe being used by Marketo. This results in eavesdropping of the data being sent in the...

6.3AI score
Exploits0
Rows per page
Query Builder