CVE-2024-8383

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader...

CVE-2023-29540

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Code injection

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVE-2023-29540

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Open Redirect

firefox is vulnerable to Open Redirect. The vulnerability exists when a redirect embedded into sourceMappingUrls could allow navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols...

CVE-2021-44714

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which coul...

CVE-2021-44714 Adobe Acrobat Reader Missing Custom Protocols in Warning Message Prompts

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which coul...

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...

WAGO PFC200 iocheckd service "I/O-Check" get_coupler_details remote code execution vulnerability

Summary An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of the WAGO PFC 200. A specially crafted set of packets sent to the iocheckd service “I/O-Check” can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in cod...