
5744 matches found

OSV
added 2021/02/02 5:58 p.m., 37 views

GHSA-VV2X-VRPJ-QQPQ Cross-site scripting in Bleach

Impact: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in the allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in the allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default...

CVSS 6.9, AI score 6.3, EPSS 0.00483
Exploits: 1, References: 11
Tenable Nessus
added 2021/02/01 12:00 a.m., 233 views

CentOS 8 : firefox (CESA-2020:5562)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:5562 advisory: chromium-browser: Uninitialized Use in V8 (CVE-2020-16042); Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971); Mozilla: CSS Sanitizer performed...

CVSS 8.8, AI score 8.1, EPSS 0.01891
Exploits: 0, References: 8
OSV
added 2021/01/28 7:15 p.m., 12 views

CVE-2020-26272

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 9
Prion
added 2021/01/28 7:15 p.m., 13 views

Design/Logic Flaw

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron, IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, c...

CVSS 6.4, AI score 6.4, EPSS 0.01773
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2021/01/28 6:25 p.m., 53 views

CVE-2020-26272

CVE-2020-26272 (Electron IPC frame routing): In Electron, IPC messages sent from the main process to a subframe in the renderer process (via webContents.sendToFrame, or in handlers using event.reply or the remote module) can be delivered to the wrong frame in versions before the fixed releases. Aff...

CVSS 6.5, AI score 5.8, EPSS 0.01773
Exploits: 0, References: 9, Affected Software: 1
Cvelist
added 2021/01/28 6:25 p.m., 18 views

CVE-2020-26272 Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

CVSS 5.4, AI score 6.4, EPSS 0.01773
Exploits: 0, References: 9
FireEye
added 2021/01/26 12:00 a.m., 65 views

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen...

AI score 6.8
Exploits: 0, References: 1
Hacker One
added 2021/01/25 11:51 p.m., 18 views

Shopify: [h1-2102] HTML injection in packing slips can lead to physical theft

Summary: An HTML injection vulnerability exists in the packing slip generator, allowing customers to alter the logistical process of their own and others' orders for shops that choose to display the user's e-mail address on the packing slip. The success rate depends on the shop's setup and can result i...

AI score 6.8
Exploits: 0
IBM Security Bulletins
added 2021/01/18 7:09 a.m., 31 views

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty affect IBM Watson Machine Learning Accelerator

Summary: There are vulnerabilities in IBM WebSphere Liberty used by IBM Watson Machine Learning Accelerator 1.2.2 and IBM Watson Machine Learning Accelerator 2.2.0; both have addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2019-4663 DESCRIPTION: IBM WebSphere Application Server - Liberty...

CVSS 9.8, AI score 0.7, EPSS 0.07055
Exploits: 1, Affected Software: 1
OSV
added 2021/01/07 2:15 p.m., 3 views

DEBIAN-CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

CVSS 8.8, AI score 8.4, EPSS 0.01553
Exploits: 0, References: 1
NVD
added 2021/01/07 2:15 p.m., 18 views

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

CVSS 8.8, AI score 8.1, EPSS 0.01553
Exploits: 0, References: 4
Cvelist
added 2021/01/07 1:53 p.m., 17 views

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

AI score 8.2, EPSS 0.01553
Exploits: 0, References: 4
CVE
added 2021/01/07 1:53 p.m., 255 views

CVE-2020-26973

The provided connected sources confirm CVE-2020-26973 affects Mozilla Firefox and Thunderbird, tied to the CSS Sanitizer. Affected versions include Firefox prior to 84 and Thunderbird prior to 78.6 (Firefox ESR

CVSS 8.8, AI score 8.1, EPSS 0.01553
Exploits: 0, References: 4, Affected Software: 3
AlpineLinux
added 2021/01/07 1:53 p.m., 45 views

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

CVSS 8.8, AI score 8.4, EPSS 0.01553
Exploits: 0
Debian CVE
added 2021/01/07 1:53 p.m., 33 views

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

CVSS 8.8, AI score 9.1, EPSS 0.01553
Exploits: 0
OSV
added 2020/12/30 7:15 p.m., 36 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 4.3, AI score 7.1
Exploits: 0, References: 8
CVE
added 2020/12/30 12:00 a.m., 265 views

CVE-2020-26247

Nokogiri (Ruby) contains an XXE/SSRF risk in XML schemas parsed by Nokogiri::XML::Schema due to the default trust-on-parse behavior. This is fixed in version 1.11.0.rc4; upgrading to 1.11.0.rc4+ mitigates the issue. The CVE-2020-26247 entry notes the vulnerability and its fix; multiple advisories...

CVSS 4.3, AI score 4.4, EPSS 0.01293
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2020/12/30 12:00 a.m., 25 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 4.3, AI score 5.8, EPSS 0.01293
Exploits: 0
AlpineLinux
added 2020/12/30 12:00 a.m., 53 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 4.3, AI score 4.6, EPSS 0.01293
Exploits: 0
OPENSUSE Linux
added 2020/12/25 12:00 a.m., 61 views

Security update for MozillaFirefox (critical)

openSUSE Security Update: Security update for MozillaFirefox. Announcement ID: openSUSE-SU-2020:2325-1. Rating: critical. References: 1180039. Cross-References: CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, CVE-2020-35113. Affected Products:...

CVSS 8.8, AI score 9, EPSS 0.01891
Exploits: 0, References: 1