15 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-11738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will...
Ubuntu: Security Advisory (USN-4122-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Security Advisory (MFSA2019-25) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:2545-1)
This update for MozillaFirefox to 68.1 fixes the following issues : Security issues fixed : CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. bsc1140868 CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. bsc1149294 CVE-2019-11710: Fixed several memory...
CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
CVE-2019-11738
CVE-2019-11738 describes a Content Security Policy bypass in Firefox before 69 and Firefox ESR before 68.1: a hash-based CSP source that takes the empty string as input can allow execution of javascript: URIs, bypassing CSP permissions. Affected products: Firefox <69 and Firefox ESR
CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
Mozilla Firefox < 69.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported...
Mozilla Firefox < 69.0
The version of Firefox installed on the remote Windows host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory. - Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safe...
Ubuntu: Security Advisory (USN-4122-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox ESR Security Advisories (MFSA2019-25, MFSA2019-27) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Security fix for the ALT Linux 10 package firefox-esr version 68.1.0-alt1
Sept. 4, 2019 Andrey Cherepanov 68.1.0-alt1 - New ESR version 68.1.0. - Fixed: + CVE-2019-11751 Malicious code execution through command line parameters + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML +...
CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...