5 matches found
EUVD-2021-30460
Malicious code in bioql PyPI...
CVE-2021-43532
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...
Mozilla Firefox Security Advisories (MFSA2021-48, MFSA2021-49) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Design/Logic Flaw
When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...
CVE-2021-43532
Summary: CVE-2021-43532 affects Firefox prior to 94 and relates to the Copy Image Link context menu. The bug allowed copying the final image URL after redirects, enabling token theft if a user pasted the URL back into a page and the URL leaked authentication tokens. The underlying issue involved ...