5752 matches found
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2023-59956)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that stems from the browser behaving differently when loading CSS variables from known resources, which can be exploited by an...
Information Disclosure
Firefox is vulnerable to information disclosure. The vulnerability exists due to the leakage of the browser history with CSS variables...
Updated thunderbird packages fix security vulnerability
Incorrect security status shown after viewing an attached email. CVE-2022-1520 Fullscreen notification bypass using popups. CVE-2022-29914 Bypassing permission prompt in nested browsing contexts. CVE-2022-29909 Leaking browser history with CSS variables. CVE-2022-29916 iframe sandbox bypass...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:1725)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:1725-1 advisory. - Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 - Mozilla: iframe Sandbox bypass CVE-2022-29911 - Mozilla:...
Mozilla: Leaking browser history with CSS variables
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could probe the browser history...
Cross-site Scripting (XSS)
materialize-css is vulnerable to cross-site scripting. The highlight function of autocomplete.js does not properly escape the user input such as , allowing an attacker to inject and execute malicious JavaScript...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs...
RHEL 8 : firefox (RHSA-2022:1705)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1705 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2022-29916
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
UBUNTU-CVE-2022-29916
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
CVE-2022-29916
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could probe the browser history...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: OSV:GHSA-7JVX-F994-RFW2...
GHSA-7JVX-F994-RFW2 materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as `<not-a-tag />`) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...