The use of Microsoft Edge vulnerability to steal local files-bug warning-the black bar safety net

In 2015, Microsoft released the Edge browser. When it was originally developed, it was named Project Spartan to. With Internet Explorer different, Edge support of the broader modern security measures, such as Content Security Policy, CSP, and modern JavaScript and CSS properties. Abandon Internet...

Mozilla Firefox < 57.0.1 Multiple Vulnerabilities

Binary data 700323.prm...

CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

thunderbird: S/MIME plaintext can be leaked through HTML reply/forward

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

Chaturbate: CSS Injection on /embed/ via bgcolor parameter leaks user's CSRF token and allows for XSS

Hi there, There's a CSS injection here: https://chaturbate.com/embed/admin/?bgcolor=%7D%7Bbackground:red&tour=nvfS&disablesound=0&campaign=iNSGX body, divmain, div.content, div.block, div.section margin: 0px; padding: 0px; body min-width:800px; div.content width: 100%; body background:...

Important: Red Hat Security Advisory: rh-ror50-rubygem-sprockets security update

An update for rh-ror50-rubygem-sprockets is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28

Sprockets is a Rack-based asset packaging system that concatenates and serv es JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS...

[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27

Sprockets is a Rack-based asset packaging system that concatenates and serv es JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS...

CVE-2018-12373

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

UBUNTU-CVE-2018-12373

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

Security Bulletin: IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability (CVE-2016-8999)

Summary InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in qirks mode thereby facilitating an attacker to inject malicious CSS. Vulnerability Details CVEID: CVE-2016-8999 DESCRIPTION: IBM InfoSphere Information Server...

Node.js: Your page has 2 blocking CSS resources. This causes a delay in rendering your page.

This report was not deemed to be a security vulnerability and the reporter was asked to open an issue upstream to fix publicly...

Microsoft Edge CSS Background Property Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of C...

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

DEBIAN-CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

DEBIAN-CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

CVE-2017-5449

A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird 52.1, Firefox ESR 52.1, and Firefox 53...